Windows Analysis Report
pJRiqnTih0.exe

Overview

General Information

Sample name: pJRiqnTih0.exe (renamed because original name is a hash value)
Original sample name: 3ec4a2254f27c1276d3f806071827e5a.exe
Analysis ID: 1579688
MD5: 3ec4a2254f27c1276d3f806071827e5a
SHA1: d765545998552b85df53ba7c1bd30dd28ddb9c7c
SHA256: 95781d4624835c84bc6db057875e60a1fa744e3ead2541082062c7205ccaee94
Tags: exe, user-abuse_ch

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • pJRiqnTih0.exe (PID: 6404 cmdline: "C:\Users\user\Desktop\pJRiqnTih0.exe" MD5: 3EC4A2254F27C1276D3F806071827E5A)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["sustainskelet.lat", "rapeflowwj.lat", "aspecteirs.lat", "crosshuaht.lat", "energyaffai.lat", "necklacebudi.lat", "discokeyus.lat", "grannyejh.lat", "sweepyribs.lat"], "Build id": "PsFKDg--pablo"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-23T07:36:24.544136+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49699 | 23.55.153.106 | 443 | TCP
2024-12-23T07:36:27.232236+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49700 | 172.67.157.254 | 443 | TCP
2024-12-23T07:36:28.865574+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49702 | 172.67.157.254 | 443 | TCP
2024-12-23T07:36:28.269004+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.7 | 49700 | 172.67.157.254 | 443 | TCP
2024-12-23T07:36:28.269004+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.7 | 49700 | 172.67.157.254 | 443 | TCP
2024-12-23T07:36:22.436880+0100 | 2058354 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 55146 | 1.1.1.1 | 53 | UDP
2024-12-23T07:36:22.717509+0100 | 2058358 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 60670 | 1.1.1.1 | 53 | UDP
2024-12-23T07:36:21.660685+0100 | 2058360 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 62654 | 1.1.1.1 | 53 | UDP
2024-12-23T07:36:22.289844+0100 | 2058362 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 53559 | 1.1.1.1 | 53 | UDP
2024-12-23T07:36:21.472178+0100 | 2058364 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 58828 | 1.1.1.1 | 53 | UDP
2024-12-23T07:36:21.852899+0100 | 2058370 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 53368 | 1.1.1.1 | 53 | UDP
2024-12-23T07:36:22.859840+0100 | 2058374 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 55400 | 1.1.1.1 | 53 | UDP
2024-12-23T07:36:22.577250+0100 | 2058376 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 62431 | 1.1.1.1 | 53 | UDP
2024-12-23T07:36:20.897594+0100 | 2058378 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 63151 | 1.1.1.1 | 53 | UDP
2024-12-23T07:36:25.336411+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49699 | 23.55.153.106 | 443 | TCP

      AV Detection

      Source: pJRiqnTih0.exe, Avira: detected
      Source: pJRiqnTih0.exe.6404.5.memstrmin, Malware Configuration Extractor: LummaC {"C2 url": ["sustainskelet.lat", "rapeflowwj.lat", "aspecteirs.lat", "crosshuaht.lat", "energyaffai.lat", "necklacebudi.lat", "discokeyus.lat", "grannyejh.lat", "sweepyribs.lat"], "Build id": "PsFKDg--pablo"}
      Source: pJRiqnTih0.exe, Virustotal: Detection: 56%
      Source: pJRiqnTih0.exe, ReversingLabs: Detection: 63%
      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
      Source: pJRiqnTih0.exe, Joe Sandbox ML: detected
      Source: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, String decryptor: lid=%s&j=%s&ver=4.0
      Source: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, String decryptor: TeslaBrowser/5.5
      Source: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, String decryptor: - Screen Resoluton:
      Source: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, String decryptor: - Physical Installed Memory:
      Source: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, String decryptor: Workgroup: -
      Source: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, String decryptor: PsFKDg--pablo
      Source: pJRiqnTih0.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: unknown, HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.7:49699 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.7:49700 version: TLS 1.2

      Networking

      Source: Network traffic, Suricata IDS: 2058354 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat) : 192.168.2.7:55146 -> 1.1.1.1:53
      Source: Network traffic, Suricata IDS: 2058358 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat) : 192.168.2.7:60670 -> 1.1.1.1:53
      Source: Network traffic, Suricata IDS: 2058376 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat) : 192.168.2.7:62431 -> 1.1.1.1:53
      Source: Network traffic, Suricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.7:63151 -> 1.1.1.1:53
      Source: Network traffic, Suricata IDS: 2058370 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat) : 192.168.2.7:53368 -> 1.1.1.1:53
      Source: Network traffic, Suricata IDS: 2058360 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) : 192.168.2.7:62654 -> 1.1.1.1:53
      Source: Network traffic, Suricata IDS: 2058374 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat) : 192.168.2.7:55400 -> 1.1.1.1:53
      Source: Network traffic, Suricata IDS: 2058362 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat) : 192.168.2.7:53559 -> 1.1.1.1:53
      Source: Network traffic, Suricata IDS: 2058364 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) : 192.168.2.7:58828 -> 1.1.1.1:53
      Source: Network traffic, Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.7:49699 -> 23.55.153.106:443
      Source: Network traffic, Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:49700 -> 172.67.157.254:443
      Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49700 -> 172.67.157.254:443
      Source: Joe Sandbox View, IP Address: 172.67.157.254
      Source: Joe Sandbox View, IP Address: 23.55.153.106
      Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
      Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49702 -> 172.67.157.254:443
      Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49699 -> 23.55.153.106:443
      Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49700 -> 172.67.157.254:443
      Source: global traffic, HTTP traffic detected:
        GET /profiles/76561199724331900 HTTP/1.1
        Connection: Keep-Alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Host: steamcommunity.com
      Source: global traffic, HTTP traffic detected:
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 8
        Host: lev-tolstoi.com
      Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknown, HTTP traffic detected:
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 8
        Host: lev-tolstoi.com
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=St3gSJx2HFUZ&l=e
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
      Source: pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
      Source: pJRiqnTih0.exe, 00000005.00000003.1367195224.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1367058247.0000000000FA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/
      Source: pJRiqnTih0.exe, 00000005.00000002.1384876440.0000000000FC6000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1381628465.0000000000FC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/3
      Source: pJRiqnTih0.exe, 00000005.00000002.1384876440.0000000000FC6000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1381628465.0000000000FC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/:
      Source: pJRiqnTih0.exe, 00000005.00000003.1367195224.0000000000FC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/C
      Source: pJRiqnTih0.exe, 00000005.00000003.1381628465.0000000000FC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api
      Source: pJRiqnTih0.exe, 00000005.00000003.1367195224.0000000000FC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api4
      Source: pJRiqnTih0.exe, 00000005.00000002.1384876440.0000000000FC6000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1381628465.0000000000FC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apip
      Source: pJRiqnTih0.exe, 00000005.00000002.1384876440.0000000000FC6000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1367195224.0000000000FC6000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1381628465.0000000000FC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/c
      Source: pJRiqnTih0.exe, 00000005.00000002.1384876440.0000000000F92000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1373035231.0000000000F92000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pi
      Source: pJRiqnTih0.exe, 00000005.00000002.1384876440.0000000000FC6000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1367195224.0000000000FC6000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1381628465.0000000000FC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pi;
      Source: pJRiqnTih0.exe, 00000005.00000002.1384876440.0000000000F92000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1373035231.0000000000F92000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/piBU:
      Source: pJRiqnTih0.exe, 00000005.00000002.1384876440.0000000000FC6000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1367195224.0000000000FC6000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1381628465.0000000000FC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/piK
      Source: pJRiqnTih0.exe, 00000005.00000002.1384876440.0000000000FC6000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1367195224.0000000000FC6000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1381628465.0000000000FC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rapeflowwj.lat/api
      Source: pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1372918230.0000000001022000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000002.1384829751.0000000000F87000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1373035231.0000000000F87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
      Source: pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1367058247.0000000000F8C000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1372918230.0000000001022000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000002.1384829751.0000000000F87000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1373035231.0000000000F87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
      Source: pJRiqnTih0.exe, 00000005.00000002.1384876440.0000000000FC6000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1367195224.0000000000FC6000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1381628465.0000000000FC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/x
      Source: pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
      Source: pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1372918230.0000000001022000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000002.1384829751.0000000000F87000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1373035231.0000000000F87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
      Source: pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
      Source: unknown. Network traffic detected: HTTP traffic on port 443 -> 49700
      Source: unknown. Network traffic detected: HTTP traffic on port 49699 -> 443
      Source: unknown. Network traffic detected: HTTP traffic on port 443 -> 49699
      Source: unknown. Network traffic detected: HTTP traffic on port 49702 -> 443
      Source: unknown. Network traffic detected: HTTP traffic on port 49700 -> 443
      Source: unknown. Network traffic detected: HTTP traffic on port 443 -> 49702
      Source: unknown. HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.7:49699 version: TLS 1.2
      Source: unknown. HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.7:49700 version: TLS 1.2

      System Summary

      Source: pJRiqnTih0.exe. Static PE information: section name:
      Source: pJRiqnTih0.exe. Static PE information: section name: .idata
      Source: pJRiqnTih0.exe. Static PE information: section name:
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001726D75_2_001726D7
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001266D05_2_001266D0
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001286C05_2_001286C0
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0021A6F45_2_0021A6F4
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001A86C15_2_001A86C1
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002346C15_2_002346C1
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001FC6E25_2_001FC6E2
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001067105_2_00106710
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001D47155_2_001D4715
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001687195_2_00168719
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001C070F5_2_001C070F
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001C27205_2_001C2720
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001F275E5_2_001F275E
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002007655_2_00200765
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001B27515_2_001B2751
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001FE7485_2_001FE748
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0025877C5_2_0025877C
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002527785_2_00252778
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001EA77A5_2_001EA77A
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001A67775_2_001A6777
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001887625_2_00188762
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001187925_2_00118792
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0010A7805_2_0010A780
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001B47B45_2_001B47B4
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001907A95_2_001907A9
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001CE7A75_2_001CE7A7
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0011E7C05_2_0011E7C0
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0022A7C65_2_0022A7C6
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0016C7F15_2_0016C7F1
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002287CE5_2_002287CE
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002127D75_2_002127D7
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001647E15_2_001647E1
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001388105_2_00138810
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0020A8265_2_0020A826
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001DE80D5_2_001DE80D
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0025A8035_2_0025A803
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001F882E5_2_001F882E
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0017482D5_2_0017482D
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0011682D5_2_0011682D
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001E68575_2_001E6857
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001F08475_2_001F0847
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001AE8435_2_001AE843
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0024084E5_2_0024084E
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0018C8745_2_0018C874
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002268535_2_00226853
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001628B55_2_001628B5
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0010C8B65_2_0010C8B6
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001608A65_2_001608A6
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001288CB5_2_001288CB
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0021E8FA5_2_0021E8FA
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001D88C35_2_001D88C3
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001A08F95_2_001A08F9
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0017C8F05_2_0017C8F0
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001768E75_2_001768E7
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001AA8EC5_2_001AA8EC
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0024C8DC5_2_0024C8DC
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0017A9115_2_0017A911
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0019A90A5_2_0019A90A
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001CC9085_2_001CC908
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001E49085_2_001E4908
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001969035_2_00196903
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001209395_2_00120939
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0019092D5_2_0019092D
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001D095C5_2_001D095C
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001FA9595_2_001FA959
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001EE9525_2_001EE952
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0023A96C5_2_0023A96C
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001309405_2_00130940
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0016A9775_2_0016A977
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001B097F5_2_001B097F
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002449415_2_00244941
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002569A45_2_002569A4
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0020099D5_2_0020099D
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001B89DB5_2_001B89DB
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001B69D05_2_001B69D0
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001DE9D15_2_001DE9D1
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001C09D15_2_001C09D1
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002049F25_2_002049F2
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001AE9C95_2_001AE9C9
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001709FB5_2_001709FB
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002489C95_2_002489C9
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001D69F25_2_001D69F2
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0018A9E15_2_0018A9E1
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0010EA105_2_0010EA10
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00250A265_2_00250A26
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00216A2E5_2_00216A2E
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001C4A015_2_001C4A01
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001A6A3B5_2_001A6A3B
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001BEA3D5_2_001BEA3D
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002BAA035_2_002BAA03
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001C8A345_2_001C8A34
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0023EA0F5_2_0023EA0F
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00188A2A5_2_00188A2A
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001F2A2A5_2_001F2A2A
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001B2A595_2_001B2A59
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001EAA5C5_2_001EAA5C
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001A2A5D5_2_001A2A5D
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0024EA705_2_0024EA70
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0012CA495_2_0012CA49
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00180A435_2_00180A43
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0020EA7B5_2_0020EA7B
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00246A465_2_00246A46
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0024AA585_2_0024AA58
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002C4AAE5_2_002C4AAE
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00166A9F5_2_00166A9F
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0018EA885_2_0018EA88
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0023CAB35_2_0023CAB3
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00234AB65_2_00234AB6
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001F4AB95_2_001F4AB9
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0012CAD05_2_0012CAD0
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001B4AD95_2_001B4AD9
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00238AFE5_2_00238AFE
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0020CAC85_2_0020CAC8
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0012CB115_2_0012CB11
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00198B145_2_00198B14
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001F6B065_2_001F6B06
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00136B085_2_00136B08
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001FEB335_2_001FEB33
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0012CB225_2_0012CB22
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0019CB2D5_2_0019CB2D
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001FCB295_2_001FCB29
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001C2B265_2_001C2B26
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00126B505_2_00126B50
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001E6B5A5_2_001E6B5A
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0011CB405_2_0011CB40
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00178B425_2_00178B42
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00172B4F5_2_00172B4F
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001ECB795_2_001ECB79
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00224B485_2_00224B48
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00160B675_2_00160B67
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0019AB625_2_0019AB62
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0023EB5C5_2_0023EB5C
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0024CBBD5_2_0024CBBD
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001E2BB25_2_001E2BB2
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00236B975_2_00236B97
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001E4BA35_2_001E4BA3
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00222BE05_2_00222BE0
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00240BEF5_2_00240BEF
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00200BFA5_2_00200BFA
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0017EBCC5_2_0017EBCC
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00210BC45_2_00210BC4
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00242BC95_2_00242BC9
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0023CBD85_2_0023CBD8
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0022EC2B5_2_0022EC2B
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0021AC325_2_0021AC32
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0016EC0E5_2_0016EC0E
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001F0C355_2_001F0C35
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001AAC295_2_001AAC29
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0023AC165_2_0023AC16
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0020AC485_2_0020AC48
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00104C605_2_00104C60
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0012AC905_2_0012AC90
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00196C8C5_2_00196C8C
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0018CC8E5_2_0018CC8E
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001D8C805_2_001D8C80
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0022AC8B5_2_0022AC8B
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0013ECA05_2_0013ECA0
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001DCCA75_2_001DCCA7
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00238C9D5_2_00238C9D
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0025CCE25_2_0025CCE2
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0021CCF05_2_0021CCF0
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0017CCC05_2_0017CCC0
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0016CCCB5_2_0016CCCB
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00256CC75_2_00256CC7
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001A0CF15_2_001A0CF1
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00214CD15_2_00214CD1
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00184CE55_2_00184CE5
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001DAD1C5_2_001DAD1C
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00206D245_2_00206D24
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001B0D3D5_2_001B0D3D
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00224D6D5_2_00224D6D
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0010CD465_2_0010CD46
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001A2D425_2_001A2D42
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001C6D645_2_001C6D64
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001BED9C5_2_001BED9C
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0023AD865_2_0023AD86
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001A4DDA5_2_001A4DDA
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00180DDB5_2_00180DDB
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0016ADDE5_2_0016ADDE
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0017ADD85_2_0017ADD8
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00252DF35_2_00252DF3
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001D0DC15_2_001D0DC1
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00168DC85_2_00168DC8
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001DEDE45_2_001DEDE4
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001AEE185_2_001AEE18
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0025AE2F5_2_0025AE2F
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0018AE325_2_0018AE32
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00190E205_2_00190E20
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0022CE1B5_2_0022CE1B
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001ECE215_2_001ECE21
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0020CE675_2_0020CE67
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002C2E7F5_2_002C2E7F
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00250E765_2_00250E76
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00136E745_2_00136E74
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00236E4E5_2_00236E4E
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0019EE6A5_2_0019EE6A
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00216E525_2_00216E52
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001B0E8C5_2_001B0E8C
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001FEE865_2_001FEE86
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00202E825_2_00202E82
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001F4EBC5_2_001F4EBC
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0024EE8C5_2_0024EE8C
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00204E8E5_2_00204E8E
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00162EA25_2_00162EA2
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00254E905_2_00254E90
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00224EE25_2_00224EE2
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00222EE55_2_00222EE5
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0013AEC05_2_0013AEC0
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00188EC35_2_00188EC3
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00198EFE5_2_00198EFE
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00166EE45_2_00166EE4
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001CCEEA5_2_001CCEEA
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001CAF055_2_001CAF05
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001BCF045_2_001BCF04
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0019CF395_2_0019CF39
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001F0F395_2_001F0F39
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00232F055_2_00232F05
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00170F215_2_00170F21
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001FCF245_2_001FCF24
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00102F505_2_00102F50
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00120F505_2_00120F50
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001DCF545_2_001DCF54
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00138F595_2_00138F59
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00194F495_2_00194F49
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00178F4E5_2_00178F4E
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0012CF745_2_0012CF74
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0016EF7B5_2_0016EF7B
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00242F575_2_00242F57
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0024CF575_2_0024CF57
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001E2F9D5_2_001E2F9D
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001F2F965_2_001F2F96
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0025CFAC5_2_0025CFAC
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00200FB45_2_00200FB4
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001EAF855_2_001EAF85
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0013EFB05_2_0013EFB0
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00168FBB5_2_00168FBB
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001D2FB25_2_001D2FB2
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_00258F9D5_2_00258F9D
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001C2FC85_2_001C2FC8
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0024903D5_2_0024903D
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001FF0055_2_001FF005
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001C103D5_2_001C103D
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001B50385_2_001B5038
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001EB03B5_2_001EB03B
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0024506C5_2_0024506C
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001E907B5_2_001E907B
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0022B0575_2_0022B057
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001BB09E5_2_001BB09E
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0023F0815_2_0023F081
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001750AC5_2_001750AC
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0021309A5_2_0021309A
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0021D09F5_2_0021D09F
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0025B0E75_2_0025B0E7
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001D50D95_2_001D50D9
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0017D0DB5_2_0017D0DB
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002390F85_2_002390F8
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002290C35_2_002290C3
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001850F25_2_001850F2
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0022D0C85_2_0022D0C8
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001CF1105_2_001CF110
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002211185_2_00221118
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0016D1565_2_0016D156
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0024B1715_2_0024B171
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0024717F5_2_0024717F
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001C51415_2_001C5141
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0018D1735_2_0018D173
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0016B16C5_2_0016B16C
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001B31995_2_001B3199
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0022F1B85_2_0022F1B8
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001091B05_2_001091B0
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001D11AD5_2_001D11AD
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001EF1AC5_2_001EF1AC
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001DB1AA5_2_001DB1AA
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001971A05_2_001971A0
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0020719C5_2_0020719C
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0013B1D05_2_0013B1D0
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0019B1DA5_2_0019B1DA
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002351E65_2_002351E6
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002271E55_2_002271E5
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001AD1D65_2_001AD1D6
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001291DD5_2_001291DD
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001231C25_2_001231C2
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002171F55_2_002171F5
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001AF1CF5_2_001AF1CF
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001A51FF5_2_001A51FF
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002531D55_2_002531D5
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001FB1E45_2_001FB1E4
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001A32105_2_001A3210
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001C52175_2_001C5217
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001BF23B5_2_001BF23B
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0018B23C5_2_0018B23C
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001152205_2_00115220
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001F72285_2_001F7228
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0021B2165_2_0021B216
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002512605_2_00251260
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001632515_2_00163251
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001B12405_2_001B1240
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002232545_2_00223254
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001E52645_2_001E5264
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002412A75_2_002412A7
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002392805_2_00239280
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002192845_2_00219284
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0024D2E65_2_0024D2E6
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002012E35_2_002012E3
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001252DD5_2_001252DD
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_002452F35_2_002452F3
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001832C65_2_001832C6
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_001D92F95_2_001D92F9
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0017F2FC5_2_0017F2FC
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeCode function: 5_2_0023D2CD5_2_0023D2CD
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Code function: String function: 00108030 appears 44 times
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Code function: String function: 00114400 appears 65 times
      Source: pJRiqnTih0.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: pJRiqnTih0.exe Static PE information: Section: ZLIB complexity 0.9973646190068494
      Source: pJRiqnTih0.exe Static PE information: Section: rczjfdms ZLIB complexity 0.9942407698802579
      Source: pJRiqnTih0.exe Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
      Source: classification engine Classification label: mal100.troj.evad.winEXE@1/0@11/2
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Code function: 5_2_00130C70 CoCreateInstance, 5_2_00130C70
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: pJRiqnTih0.exe Virustotal: Detection: 56%
      Source: pJRiqnTih0.exe ReversingLabs: Detection: 63%
      Source: pJRiqnTih0.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe File read: C:\Users\user\Desktop\pJRiqnTih0.exe
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: apphelp.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: winmm.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: wldp.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: winhttp.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: webio.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: mswsock.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: winnsi.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: sspicli.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: dnsapi.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: rasadhlp.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: fwpuclnt.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: schannel.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: mskeyprotect.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: ntasn1.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: ncrypt.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: ncryptsslp.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: msasn1.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: cryptsp.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: rsaenh.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: cryptbase.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: gpapi.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: dpapi.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Section loaded: uxtheme.dll
      Source: pJRiqnTih0.exe Static file information: File size 1832960 > 1048576
      Source: pJRiqnTih0.exe Static PE information: Raw size of rczjfdms is bigger than: 0x100000 < 0x197200

      Data Obfuscation

      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Unpacked PE file: 5.2.pJRiqnTih0.exe.100000.0.unpack :EW;.rsrc:W;.idata :W; :EW;rczjfdms:EW;hjhfoolw:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;rczjfdms:EW;hjhfoolw:EW;.taggant:EW;
      Source: initial sample Static PE information: section where entry point is pointing to: .taggant
      Source: pJRiqnTih0.exe Static PE information: real checksum: 0x1c9f4f should be: 0x1c6523
      Source: pJRiqnTih0.exe Static PE information: section name:
      Source: pJRiqnTih0.exe Static PE information: section name: .idata
      Source: pJRiqnTih0.exe Static PE information: section name:
      Source: pJRiqnTih0.exe Static PE information: section name: rczjfdms
      Source: pJRiqnTih0.exe Static PE information: section name: hjhfoolw
      Source: pJRiqnTih0.exe Static PE information: section name: .taggant
      Source: pJRiqnTih0.exe Static PE information: section name: entropy: 7.983885313973789
      Source: pJRiqnTih0.exe Static PE information: section name: rczjfdms entropy: 7.954404428640237

      Boot Survival

      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Window searched: window name: FilemonClass
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Window searched: window name: PROCMON_WINDOW_CLASS
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Window searched: window name: RegmonClass
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Window searched: window name: Regmonclass
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe Window searched: window name: Filemonclass

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\pJRiqnTih0.exe File opened: HKEY_CURRENT_USER\Software\Wine
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3031D2 second address: 30321C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F28915552DCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a stc 0x0000000b push 00000000h 0x0000000d or dword ptr [ebp+12477607h], edx 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push esi 0x00000018 call 00007F28915552D8h 0x0000001d pop esi 0x0000001e mov dword ptr [esp+04h], esi 0x00000022 add dword ptr [esp+04h], 0000001Bh 0x0000002a inc esi 0x0000002b push esi 0x0000002c ret 0x0000002d pop esi 0x0000002e ret 0x0000002f clc 0x00000030 xchg eax, ebx 0x00000031 pushad 0x00000032 push eax 0x00000033 push edx 0x00000034 jo 00007F28915552D6h 0x0000003a rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 30321C second address: 303225 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 303225 second address: 303238 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c jg 00007F28915552D6h 0x00000012 pop eax 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 303BB3 second address: 303BBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3039D4 second address: 3039D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3039D8 second address: 3039DE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3039DE second address: 3039EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F28915552DCh 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 304A3C second address: 304A46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F2890B7CFC6h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 30B0ED second address: 30B0F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 30B0F3 second address: 30B0F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 30C0D6 second address: 30C119 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 mov dword ptr [ebp+12449B01h], edi 0x0000000f push 00000000h 0x00000011 call 00007F28915552E5h 0x00000016 mov ebx, dword ptr [ebp+122D27D9h] 0x0000001c pop edi 0x0000001d push 00000000h 0x0000001f jmp 00007F28915552DFh 0x00000024 push eax 0x00000025 pushad 0x00000026 push ebx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 30D06B second address: 30D06F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 30DFC1 second address: 30E00F instructions: 0x00000000 rdtsc 0x00000002 jns 00007F28915552D8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov dword ptr [ebp+122D1C0Ah], esi 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push ebx 0x00000016 call 00007F28915552D8h 0x0000001b pop ebx 0x0000001c mov dword ptr [esp+04h], ebx 0x00000020 add dword ptr [esp+04h], 00000018h 0x00000028 inc ebx 0x00000029 push ebx 0x0000002a ret 0x0000002b pop ebx 0x0000002c ret 0x0000002d push 00000000h 0x0000002f add edi, dword ptr [ebp+122D38F0h] 0x00000035 or dword ptr [ebp+12448E3Dh], ecx 0x0000003b push eax 0x0000003c jns 00007F28915552FBh 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 30E00F second address: 30E013 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 305E7F second address: 305E89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F28915552D6h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 305E89 second address: 305E9B instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2890B7CFC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 30FF35 second address: 30FF39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 305E9B second address: 305EA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 305EA0 second address: 305EA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 30B305 second address: 30B30F instructions: 0x00000000 rdtsc 0x00000002 je 00007F2890B7CFCCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 311F89 second address: 311F8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 311F8D second address: 311F93 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 311F93 second address: 311F99 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 311F99 second address: 311F9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 312FD8 second address: 312FDD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 312FDD second address: 312FFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F2890B7CFD1h 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3121CF second address: 3121D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 312FFA second address: 313082 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2890B7CFD8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007F2890B7CFC8h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 0000001Bh 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 add bx, 7C97h 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push esi 0x0000002e call 00007F2890B7CFC8h 0x00000033 pop esi 0x00000034 mov dword ptr [esp+04h], esi 0x00000038 add dword ptr [esp+04h], 00000019h 0x00000040 inc esi 0x00000041 push esi 0x00000042 ret 0x00000043 pop esi 0x00000044 ret 0x00000045 sbb bx, 749Fh 0x0000004a pushad 0x0000004b mov edx, dword ptr [ebp+122D19E0h] 0x00000051 mov dword ptr [ebp+1246ADA1h], edx 0x00000057 popad 0x00000058 push 00000000h 0x0000005a push eax 0x0000005b push eax 0x0000005c push edx 0x0000005d jnc 00007F2890B7CFC8h 0x00000063 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3121D4 second address: 3121FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F28915552E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007F28915552D6h 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 313082 second address: 313088 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 313088 second address: 31308C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 315059 second address: 31505D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 31505D second address: 31506B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007F28915552D6h 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3131EE second address: 3131F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3142B5 second address: 3142BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 316104 second address: 31617F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov bh, 36h 0x0000000d mov ebx, dword ptr [ebp+122D36CCh] 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push esi 0x00000018 call 00007F2890B7CFC8h 0x0000001d pop esi 0x0000001e mov dword ptr [esp+04h], esi 0x00000022 add dword ptr [esp+04h], 00000014h 0x0000002a inc esi 0x0000002b push esi 0x0000002c ret 0x0000002d pop esi 0x0000002e ret 0x0000002f pushad 0x00000030 mov eax, 3C6AB911h 0x00000035 xor edx, dword ptr [ebp+122D1821h] 0x0000003b popad 0x0000003c push 00000000h 0x0000003e jng 00007F2890B7CFDDh 0x00000044 call 00007F2890B7CFD0h 0x00000049 add ebx, dword ptr [ebp+122D3780h] 0x0000004f pop edi 0x00000050 xchg eax, esi 0x00000051 jmp 00007F2890B7CFD7h 0x00000056 push eax 0x00000057 pushad 0x00000058 push eax 0x00000059 push edx 0x0000005a pushad 0x0000005b popad 0x0000005c rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3132A4 second address: 3132A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3142BA second address: 314350 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2890B7CFC8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebx 0x0000000e call 00007F2890B7CFC8h 0x00000013 pop ebx 0x00000014 mov dword ptr [esp+04h], ebx 0x00000018 add dword ptr [esp+04h], 00000014h 0x00000020 inc ebx 0x00000021 push ebx 0x00000022 ret 0x00000023 pop ebx 0x00000024 ret 0x00000025 or ebx, dword ptr [ebp+122D26FDh] 0x0000002b push dword ptr fs:[00000000h] 0x00000032 mov dword ptr [ebp+122D1AF8h], eax 0x00000038 mov dword ptr fs:[00000000h], esp 0x0000003f push 00000000h 0x00000041 push eax 0x00000042 call 00007F2890B7CFC8h 0x00000047 pop eax 0x00000048 mov dword ptr [esp+04h], eax 0x0000004c add dword ptr [esp+04h], 0000001Ah 0x00000054 inc eax 0x00000055 push eax 0x00000056 ret 0x00000057 pop eax 0x00000058 ret 0x00000059 or edi, 6FE0338Fh 0x0000005f cld 0x00000060 jg 00007F2890B7CFCCh 0x00000066 mov eax, dword ptr [ebp+122D040Dh] 0x0000006c pushad 0x0000006d mov al, D0h 0x0000006f mov dword ptr [ebp+124606ABh], edi 0x00000075 popad 0x00000076 push FFFFFFFFh 0x00000078 add dword ptr [ebp+122D29ECh], edi 0x0000007e nop 0x0000007f push edi 0x00000080 push eax 0x00000081 push edx 0x00000082 push eax 0x00000083 push edx 0x00000084 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 31617F second address: 316183 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 314350 second address: 314354 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3132A8 second address: 3132AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3132AC second address: 3132B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 31633D second address: 316343 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 31831E second address: 318335 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2890B7CFCDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 318335 second address: 318339 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3173EB second address: 3173EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3174D4 second address: 3174DA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3174DA second address: 3174E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3174E0 second address: 3174E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 31BA64 second address: 31BA68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 31FECF second address: 31FED4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 31FED4 second address: 31FEDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 2C2945 second address: 2C294B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 2C294B second address: 2C2952 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 2C2952 second address: 2C2971 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F28915552DEh 0x00000009 jg 00007F28915552D6h 0x0000000f popad 0x00000010 pop ebx 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 2C2971 second address: 2C297B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F2890B7CFC6h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 2C297B second address: 2C298A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jno 00007F28915552D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3307FF second address: 330806 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 330806 second address: 33082C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F28915552E2h 0x00000008 pushad 0x00000009 popad 0x0000000a jnl 00007F28915552D6h 0x00000010 popad 0x00000011 jng 00007F28915552DEh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 32FAC7 second address: 32FACB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 32FACB second address: 32FACF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 32FACF second address: 32FAD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 32FAD5 second address: 32FAF2 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F28915552D8h 0x00000008 ja 00007F28915552D8h 0x0000000e pushad 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jne 00007F28915552D6h 0x0000001b rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 32FC62 second address: 32FC96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2890B7CFCBh 0x00000008 jmp 00007F2890B7CFCBh 0x0000000d jp 00007F2890B7CFC6h 0x00000013 jmp 00007F2890B7CFD0h 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 32FC96 second address: 32FC9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 32FDDA second address: 32FDDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 32FDDE second address: 32FDEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F28915552D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 32FDEF second address: 32FDF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 32FF2C second address: 32FF41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F28915552E1h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 32FF41 second address: 32FF45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 32FF45 second address: 32FF53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 32FF53 second address: 32FF57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 32FF57 second address: 32FF7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F28915552E8h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 32FF7C second address: 32FF86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F2890B7CFC6h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 32FF86 second address: 32FF90 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F28915552D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 33023C second address: 330243 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3304EB second address: 3304F1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3304F1 second address: 330519 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F2890B7CFDEh 0x00000008 jmp 00007F2890B7CFCCh 0x0000000d jmp 00007F2890B7CFCCh 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 push edi 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 330694 second address: 330699 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3333DE second address: 3333E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3333E2 second address: 3333EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 33AC1A second address: 33AC1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 33AC1E second address: 33AC2E instructions: 0x00000000 rdtsc 0x00000002 jc 00007F28915552D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 33AC2E second address: 33AC32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 33AC32 second address: 33AC6B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jmp 00007F28915552E6h 0x0000000c ja 00007F28915552D6h 0x00000012 pop esi 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jp 00007F28915552E2h 0x0000001c rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 33AC6B second address: 33AC71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 339AC5 second address: 339ACF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F28915552D6h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 300389 second address: 30038D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 30038D second address: 30039A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 377044 second address: 377057 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F28915552DFh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 377057 second address: 37706D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F2890B7CFCCh 0x0000000e pop ebx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 37706D second address: 377086 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F28915552DCh 0x00000008 js 00007F28915552D6h 0x0000000e pushad 0x0000000f jne 00007F28915552D6h 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 37779A second address: 37779E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 37779E second address: 3777A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 37D255 second address: 37D26B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2890B7CFD2h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 37E913 second address: 37E92A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jne 00007F28915552D6h 0x0000000c popad 0x0000000d jc 00007F28915552DAh 0x00000013 pushad 0x00000014 popad 0x00000015 push edx 0x00000016 pop edx 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 37E92A second address: 37E930 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 38BF2E second address: 38BF4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F28915552E6h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 38C0B1 second address: 38C0CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pop ebx 0x00000008 push ecx 0x00000009 jmp 00007F2890B7CFCAh 0x0000000e pushad 0x0000000f jbe 00007F2890B7CFC6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 38C0CD second address: 38C0D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 38ED7B second address: 38ED81 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 38ED81 second address: 38ED86 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 38ED86 second address: 38ED8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 38EEE9 second address: 38EEED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 38EEED second address: 38EF10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F2890B7CFC6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F2890B7CFCFh 0x00000011 push eax 0x00000012 push edx 0x00000013 jl 00007F2890B7CFC6h 0x00000019 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 38EF10 second address: 38EF16 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 39C962 second address: 39C96C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F2890B7CFC6h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 39C96C second address: 39C972 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 39C972 second address: 39C97C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 39C97C second address: 39C99B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F28915552E3h 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 39E061 second address: 39E069 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A2E77 second address: 3A2E97 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F28915552E8h 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F28915552E0h 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A74BD second address: 3A74C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A74C1 second address: 3A74C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A74C5 second address: 3A74CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A7767 second address: 3A7771 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A7771 second address: 3A7777 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A78C1 second address: 3A78C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A78C7 second address: 3A78D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F2890B7CFC6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A78D3 second address: 3A78DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A78DC second address: 3A78E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F2890B7CFC6h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A78E6 second address: 3A78EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A78EA second address: 3A78F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A78F0 second address: 3A78F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A78F6 second address: 3A78FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A78FA second address: 3A78FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A7A57 second address: 3A7A5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A7A5D second address: 3A7A62 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A7A62 second address: 3A7A73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007F2890B7CFC6h 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A7A73 second address: 3A7A77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A7A77 second address: 3A7A7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A7BEC second address: 3A7BF6 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F28915552D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A7DB0 second address: 3A7DB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A7DB4 second address: 3A7DBE instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F28915552D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A7DBE second address: 3A7DD3 instructions: 0x00000000 rdtsc 0x00000002 je 00007F2890B7CFCCh 0x00000008 jng 00007F2890B7CFC6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A7DD3 second address: 3A7DE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jp 00007F28915552D6h 0x00000010 push esi 0x00000011 pop esi 0x00000012 popad 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A8937 second address: 3A893B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A893B second address: 3A893F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A893F second address: 3A8945 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3A8945 second address: 3A8963 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F28915552E9h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3AC4C4 second address: 3AC4CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop esi 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3AC0D2 second address: 3AC0D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3AF7EA second address: 3AF7F0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3AF7F0 second address: 3AF7FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3AF7FA second address: 3AF810 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2890B7CFD2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3C992C second address: 3C994A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F28915552E8h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3C994A second address: 3C9959 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 je 00007F2890B7CFC6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3CBACC second address: 3CBADC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F28915552DAh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3E00DB second address: 3E00DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3E00DF second address: 3E00E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3E00E5 second address: 3E00EA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3E00EA second address: 3E00F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3E0551 second address: 3E0562 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F2890B7CFC6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3E0562 second address: 3E0568 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3E092C second address: 3E0931 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3E0931 second address: 3E093D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F28915552D6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3E4B27 second address: 3E4B2C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3E5091 second address: 3E5097 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3E5097 second address: 3E509B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3E64F7 second address: 3E650C instructions: 0x00000000 rdtsc 0x00000002 jng 00007F28915552D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jno 00007F28915552D6h 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3E650C second address: 3E6511 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3E6511 second address: 3E6537 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jl 00007F28915552D6h 0x00000009 pop eax 0x0000000a jo 00007F28915552D8h 0x00000010 push edi 0x00000011 pop edi 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push esi 0x00000017 jmp 00007F28915552DBh 0x0000001c pop esi 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3E6537 second address: 3E653F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3E653F second address: 3E6544 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3E6544 second address: 3E6563 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2890B7CFD9h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3E6563 second address: 3E656C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3E8416 second address: 3E841A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3E841A second address: 3E8427 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edx 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 304499 second address: 3044A3 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2890B7CFC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exeRDTSC instruction interceptor: First address: 3047BB second address: 3047C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | Special instruction interceptor: First address: 1579B2 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | Special instruction interceptor: First address: 2F7719 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | Special instruction interceptor: First address: 31FF0F instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | Special instruction interceptor: First address: 30051A instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | Special instruction interceptor: First address: 3838A6 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | Code function: 5_2_0015A182 rdtsc 5_2_0015A182
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe TID: 7280 | Thread sleep time: -90000s >= -30000s
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe TID: 7280 | Thread sleep time: -30000s >= -30000s
      Source: pJRiqnTih0.exe, pJRiqnTih0.exe, 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmp | Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
      Source: pJRiqnTih0.exe, 00000005.00000003.1373035231.0000000000F78000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000002.1384829751.0000000000F78000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWp
      Source: pJRiqnTih0.exe, 00000005.00000002.1384876440.0000000000FC6000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1367195224.0000000000FC6000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1381628465.0000000000FC6000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWt
      Source: pJRiqnTih0.exe, 00000005.00000002.1384876440.0000000000FC6000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1367195224.0000000000FC6000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1381628465.0000000000FC6000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
      Source: pJRiqnTih0.exe, 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmp | Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | System information queried: ModuleInformation
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | Process information queried: ProcessInformation

      Anti Debugging

      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | Thread information set: HideFromDebugger
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | Open window title or class name: regmonclass
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | Open window title or class name: gbdyllo
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | Open window title or class name: procmon_window_class
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | Open window title or class name: ollydbg
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | Open window title or class name: filemonclass
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | File opened: NTICE
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | File opened: SICE
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | File opened: SIWVID
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | Process queried: DebugPort
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | Process queried: DebugPort
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | Process queried: DebugPort
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | Code function: 5_2_0015A182 rdtsc 5_2_0015A182
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | Code function: 5_2_0013C1F0 LdrInitializeThunk,5_2_0013C1F0

      HIPS / PFW / Operating System Protection Evasion

      Source: pJRiqnTih0.exe, pJRiqnTih0.exe, 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmp | Binary or memory string: oProgram Manager
      Source: C:\Users\user\Desktop\pJRiqnTih0.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

      Stealing of Sensitive Information

      Source: Yara match | File source: sslproxydump.pcap, type: PCAP
      Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR

      Remote Access Functionality

      Source: Yara match | File source: sslproxydump.pcap, type: PCAP
      Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 24 Virtualization/Sandbox Evasion | OS Credential Dumping | 641 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 24 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 5 Obfuscated Files or Information | NTDS | 23 System Information Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

      Source | Detection | Scanner | Label
      pJRiqnTih0.exe | 57% | Virustotal |
      pJRiqnTih0.exe | 63% | ReversingLabs | Win32.Trojan.Generic
      pJRiqnTih0.exe | 100% | Avira | TR/Crypt.XPACK.Gen
      pJRiqnTih0.exe | 100% | Joe Sandbox ML |
      No Antivirus matches
                                                                                                                                                                https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgpJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://store.steampowered.com/privacy_agreement/pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&amp;l=engpJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gifpJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1367058247.0000000000F8C000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://lev-tolstoi.com/api4pJRiqnTih0.exe, 00000005.00000003.1367195224.0000000000FC6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          https://lev-tolstoi.com/piBU:pJRiqnTih0.exe, 00000005.00000002.1384876440.0000000000F92000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1373035231.0000000000F92000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQpJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&amp;l=english&ampJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amppJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://store.steampowered.com/account/cookiepreferences/pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1372918230.0000000001022000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000002.1384829751.0000000000F87000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1373035231.0000000000F87000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://store.steampowered.com/mobilepJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://steamcommunity.com/pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81pJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1367058247.0000000000F8C000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://lev-tolstoi.com/pipJRiqnTih0.exe, 00000005.00000002.1384876440.0000000000F92000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1373035231.0000000000F92000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://steamcommunity.com/xpJRiqnTih0.exe, 00000005.00000002.1384876440.0000000000FC6000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1367195224.0000000000FC6000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1381628465.0000000000FC6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://store.steampowered.com/about/pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&amp;lpJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://steamcommunity.com/profiles/76561199724331900/badgespJRiqnTih0.exe, 00000005.00000003.1367020560.000000000101A000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1367058247.0000000000F8C000.00000004.00000020.00020000.00000000.sdmp, pJRiqnTih0.exe, 00000005.00000003.1366975833.0000000001017000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 172.67.157.254 | lev-tolstoi.com | United States | 13335 | CLOUDFLARENETUS | false |
| 23.55.153.106 | steamcommunity.com | United States | 20940 | AKAMAI-ASN1EU | false |
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579688
Start date and time: 2024-12-23 07:35:22 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 21s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 12
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: pJRiqnTih0.exe (renamed because original name is a hash value)
Original Sample Name: 3ec4a2254f27c1276d3f806071827e5a.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@1/0@11/2
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 13.107.246.63, 52.149.20.212
• Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
| Time | Type | Description |
|---|---|---|
| 01:36:19 | API Interceptor | 4x Sleep call for process: pJRiqnTih0.exe modified |
                                                                                                                                                                                                                                            0gnHF2twcT.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.66.86
                                                                                                                                                                                                                                            20yLTIU4mS.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                            • 104.21.66.86
                                                                                                                                                                                                                                            Qsqi9KQXgy.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                            • 104.21.66.86
                                                                                                                                                                                                                                            tPSrcPbmRe.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.66.86
                                                                                                                                                                                                                                            NQbg5Ht2hW.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 172.67.157.254
                                                                                                                                                                                                                                            steamcommunity.com5XXofntDiN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            xxLuwS60RS.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            5RjjCWZAVv.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            s31ydU1MpQ.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            TmmiCE5Ulm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            9pyUjy2elE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            0gnHF2twcT.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            20yLTIU4mS.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            ieD6yf6yc6.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            Qsqi9KQXgy.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                            AKAMAI-ASN1EU5XXofntDiN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            xxLuwS60RS.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            5RjjCWZAVv.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            s31ydU1MpQ.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            TmmiCE5Ulm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            9pyUjy2elE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            0gnHF2twcT.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            20yLTIU4mS.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            ieD6yf6yc6.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            Qsqi9KQXgy.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            CLOUDFLARENETUSxxLuwS60RS.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 172.67.157.254
                                                                                                                                                                                                                                            schost.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                            • 104.21.6.116
                                                                                                                                                                                                                                            5RjjCWZAVv.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.66.86
                                                                                                                                                                                                                                            s31ydU1MpQ.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                            • 104.21.66.86
                                                                                                                                                                                                                                            TmmiCE5Ulm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.66.86
                                                                                                                                                                                                                                            9pyUjy2elE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 172.67.157.254
                                                                                                                                                                                                                                            0gnHF2twcT.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.66.86
                                                                                                                                                                                                                                            20yLTIU4mS.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                            • 104.21.66.86
                                                                                                                                                                                                                                            Qsqi9KQXgy.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                            • 104.21.66.86
                                                                                                                                                                                                                                            tPSrcPbmRe.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.66.86
                                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                            a0e9f5d64349fb13191bc781f81f42e15XXofntDiN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 172.67.157.254
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            xxLuwS60RS.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 172.67.157.254
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            schost.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                            • 172.67.157.254
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            5RjjCWZAVv.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 172.67.157.254
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            s31ydU1MpQ.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                            • 172.67.157.254
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            TmmiCE5Ulm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 172.67.157.254
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            9pyUjy2elE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 172.67.157.254
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            0gnHF2twcT.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 172.67.157.254
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            20yLTIU4mS.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                            • 172.67.157.254
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            ieD6yf6yc6.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 172.67.157.254
                                                                                                                                                                                                                                            • 23.55.153.106
No context
No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.948661911106091
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: pJRiqnTih0.exe
File size: 1'832'960 bytes
MD5: 3ec4a2254f27c1276d3f806071827e5a
SHA1: d765545998552b85df53ba7c1bd30dd28ddb9c7c
SHA256: 95781d4624835c84bc6db057875e60a1fa744e3ead2541082062c7205ccaee94
SHA512: 87707a2de5b1000adb45d54f1a6bc75c235473b56ebb3e44ba70e38c0a1b6f42f6e1af368b9d10ec4a70cfb536b849833eef9cd1e606f72e0f8587e01096c0d2
SSDEEP: 49152:SEgv4FAIPY2yw5HZkyslPyA9218Pi6IGD0Qpha0zOo07:Lgv4FrQ2yw55olPya7PR6+a0zOb
TLSH: 2285339CB503CA14EF4E0D705B4B2E519F962BC880EAA532773149FA50ED6D7CBC2C98
                                                                                                                                                                                                                                            File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g..............................H...........@...........................H.....O.....@.................................T0..h..
                                                                                                                                                                                                                                            Icon Hash:00928e8e8686b000
                                                                                                                                                                                                                                            Entrypoint:0x88b000
                                                                                                                                                                                                                                            Entrypoint Section:.taggant
                                                                                                                                                                                                                                            Digitally signed:false
                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                            DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                            Time Stamp:0x675F3CD1 [Sun Dec 15 20:32:17 2024 UTC]
                                                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                                                            OS Version Major:6
                                                                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                                                                            File Version Major:6
                                                                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                                                                            Subsystem Version Major:6
                                                                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                                                                            Import Hash:2eabe9054cad5152567f0699947a2c5b
                                                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                                                            jmp 00007F2891290E6Ah
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x53054 | 0x68 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x52000 | 0x1ac | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x531f8 | 0x8 | .idata
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
 | 0x1000 | 0x51000 | 0x24800 | 18debbb9af33a288714e74cc5788509d | False | 0.9973646190068494 | data | 7.983885313973789 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x52000 | 0x1ac | 0x200 | 75720b8ea60aa06a31806981b744f74e | False | 0.5390625 | data | 5.245569576626531 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x53000 | 0x1000 | 0x200 | 19a29171433eeef17e42fd663f137134 | False | 0.14453125 | data | 0.9996515881509258 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
 | 0x54000 | 0x29e000 | 0x200 | adc2e017a60a10fc20a4dd9807f5c459 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
rczjfdms | 0x2f2000 | 0x198000 | 0x197200 | 34135014f37f9ec5c0e252118eb55e88 | False | 0.9942407698802579 | data | 7.954404428640237 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
hjhfoolw | 0x48a000 | 0x1000 | 0x600 | 8652f49cb5672a1628b9926fd35afcf0 | False | 0.5885416666666666 | data | 5.0771288277770275 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant | 0x48b000 | 0x3000 | 0x2200 | 7e90953f1a74d2171abb789916dfc581 | False | 0.059283088235294115 | DOS executable (COM) | 0.753394073159823 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x52058 | 0x152 | ASCII text, with CRLF line terminators | | | 0.6479289940828402
DLL | Import
kernel32.dll | lstrcpy
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-23T07:36:20.897594+0100 | 2058378 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) | 1 | 192.168.2.7 | 63151 | 1.1.1.1 | 53 | UDP
2024-12-23T07:36:21.472178+0100 | 2058364 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) | 1 | 192.168.2.7 | 58828 | 1.1.1.1 | 53 | UDP
2024-12-23T07:36:21.660685+0100 | 2058360 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) | 1 | 192.168.2.7 | 62654 | 1.1.1.1 | 53 | UDP
2024-12-23T07:36:21.852899+0100 | 2058370 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat) | 1 | 192.168.2.7 | 53368 | 1.1.1.1 | 53 | UDP
2024-12-23T07:36:22.289844+0100 | 2058362 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat) | 1 | 192.168.2.7 | 53559 | 1.1.1.1 | 53 | UDP
2024-12-23T07:36:22.436880+0100 | 2058354 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat) | 1 | 192.168.2.7 | 55146 | 1.1.1.1 | 53 | UDP
2024-12-23T07:36:22.577250+0100 | 2058376 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat) | 1 | 192.168.2.7 | 62431 | 1.1.1.1 | 53 | UDP
2024-12-23T07:36:22.717509+0100 | 2058358 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat) | 1 | 192.168.2.7 | 60670 | 1.1.1.1 | 53 | UDP
2024-12-23T07:36:22.859840+0100 | 2058374 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat) | 1 | 192.168.2.7 | 55400 | 1.1.1.1 | 53 | UDP
2024-12-23T07:36:24.544136+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49699 | 23.55.153.106 | 443 | TCP
2024-12-23T07:36:25.336411+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.7 | 49699 | 23.55.153.106 | 443 | TCP
2024-12-23T07:36:27.232236+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49700 | 172.67.157.254 | 443 | TCP
2024-12-23T07:36:28.269004+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.7 | 49700 | 172.67.157.254 | 443 | TCP
2024-12-23T07:36:28.269004+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.7 | 49700 | 172.67.157.254 | 443 | TCP
2024-12-23T07:36:28.865574+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49702 | 172.67.157.254 | 443 | TCP
                                                                                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                            Dec 23, 2024 07:36:26.013865948 CET44349700172.67.157.254192.168.2.7
                                                                                                                                                                                                                                            Dec 23, 2024 07:36:26.013958931 CET49700443192.168.2.7172.67.157.254
                                                                                                                                                                                                                                            Dec 23, 2024 07:36:26.015054941 CET49700443192.168.2.7172.67.157.254
                                                                                                                                                                                                                                            Dec 23, 2024 07:36:26.015065908 CET44349700172.67.157.254192.168.2.7
                                                                                                                                                                                                                                            Dec 23, 2024 07:36:27.232044935 CET44349700172.67.157.254192.168.2.7
                                                                                                                                                                                                                                            Dec 23, 2024 07:36:27.232235909 CET49700443192.168.2.7172.67.157.254
                                                                                                                                                                                                                                            Dec 23, 2024 07:36:27.235230923 CET49700443192.168.2.7172.67.157.254
                                                                                                                                                                                                                                            Dec 23, 2024 07:36:27.235250950 CET44349700172.67.157.254192.168.2.7
                                                                                                                                                                                                                                            Dec 23, 2024 07:36:27.235554934 CET44349700172.67.157.254192.168.2.7
                                                                                                                                                                                                                                            Dec 23, 2024 07:36:27.236913919 CET49700443192.168.2.7172.67.157.254
                                                                                                                                                                                                                                            Dec 23, 2024 07:36:27.236975908 CET49700443192.168.2.7172.67.157.254
                                                                                                                                                                                                                                            Dec 23, 2024 07:36:27.236996889 CET44349700172.67.157.254192.168.2.7
                                                                                                                                                                                                                                            Dec 23, 2024 07:36:28.269016027 CET44349700172.67.157.254192.168.2.7
                                                                                                                                                                                                                                            Dec 23, 2024 07:36:28.269100904 CET44349700172.67.157.254192.168.2.7
                                                                                                                                                                                                                                            Dec 23, 2024 07:36:28.269188881 CET49700443192.168.2.7172.67.157.254
                                                                                                                                                                                                                                            Dec 23, 2024 07:36:28.269475937 CET49700443192.168.2.7172.67.157.254
                                                                                                                                                                                                                                            Dec 23, 2024 07:36:28.269493103 CET44349700172.67.157.254192.168.2.7
                                                                                                                                                                                                                                            Dec 23, 2024 07:36:28.269510984 CET49700443192.168.2.7172.67.157.254
                                                                                                                                                                                                                                            Dec 23, 2024 07:36:28.269527912 CET44349700172.67.157.254192.168.2.7
                                                                                                                                                                                                                                            Dec 23, 2024 07:36:28.307051897 CET49702443192.168.2.7172.67.157.254
                                                                                                                                                                                                                                            Dec 23, 2024 07:36:28.307092905 CET44349702172.67.157.254192.168.2.7
                                                                                                                                                                                                                                            Dec 23, 2024 07:36:28.307276964 CET49702443192.168.2.7172.67.157.254
                                                                                                                                                                                                                                            Dec 23, 2024 07:36:28.307729959 CET49702443192.168.2.7172.67.157.254
                                                                                                                                                                                                                                            Dec 23, 2024 07:36:28.307742119 CET44349702172.67.157.254192.168.2.7
                                                                                                                                                                                                                                            Dec 23, 2024 07:36:28.865573883 CET49702443192.168.2.7172.67.157.254
Timestamp                            Source IP    Dest IP  Trans ID  OP Code             Name                Type            Class        DNS over HTTPS
Dec 23, 2024 07:36:20.897593975 CET  192.168.2.7  1.1.1.1  0x2d29    Standard query (0)  sweepyribs.lat      A (IP address)  IN (0x0001)  false
Dec 23, 2024 07:36:21.472177982 CET  192.168.2.7  1.1.1.1  0xf6b0    Standard query (0)  grannyejh.lat       A (IP address)  IN (0x0001)  false
Dec 23, 2024 07:36:21.660685062 CET  192.168.2.7  1.1.1.1  0x8d61    Standard query (0)  discokeyus.lat      A (IP address)  IN (0x0001)  false
Dec 23, 2024 07:36:21.852899075 CET  192.168.2.7  1.1.1.1  0x8afa    Standard query (0)  necklacebudi.lat    A (IP address)  IN (0x0001)  false
Dec 23, 2024 07:36:22.289844036 CET  192.168.2.7  1.1.1.1  0xa97a    Standard query (0)  energyaffai.lat     A (IP address)  IN (0x0001)  false
Dec 23, 2024 07:36:22.436880112 CET  192.168.2.7  1.1.1.1  0x30a     Standard query (0)  aspecteirs.lat      A (IP address)  IN (0x0001)  false
Dec 23, 2024 07:36:22.577250004 CET  192.168.2.7  1.1.1.1  0x74b7    Standard query (0)  sustainskelet.lat   A (IP address)  IN (0x0001)  false
Dec 23, 2024 07:36:22.717509031 CET  192.168.2.7  1.1.1.1  0x633a    Standard query (0)  crosshuaht.lat      A (IP address)  IN (0x0001)  false
Dec 23, 2024 07:36:22.859839916 CET  192.168.2.7  1.1.1.1  0xa5ed    Standard query (0)  rapeflowwj.lat      A (IP address)  IN (0x0001)  false
Dec 23, 2024 07:36:23.001396894 CET  192.168.2.7  1.1.1.1  0x6f7f    Standard query (0)  steamcommunity.com  A (IP address)  IN (0x0001)  false
Dec 23, 2024 07:36:25.865911007 CET  192.168.2.7  1.1.1.1  0x976d    Standard query (0)  lev-tolstoi.com     A (IP address)  IN (0x0001)  false
Timestamp                            Source IP  Dest IP      Trans ID  Reply Code      Name                CName  Address         Type            Class        DNS over HTTPS
Dec 23, 2024 07:36:21.035444021 CET  1.1.1.1    192.168.2.7  0x2d29    Name error (3)  sweepyribs.lat      none   none            A (IP address)  IN (0x0001)  false
Dec 23, 2024 07:36:21.616266012 CET  1.1.1.1    192.168.2.7  0xf6b0    Name error (3)  grannyejh.lat       none   none            A (IP address)  IN (0x0001)  false
Dec 23, 2024 07:36:21.797687054 CET  1.1.1.1    192.168.2.7  0x8d61    Name error (3)  discokeyus.lat      none   none            A (IP address)  IN (0x0001)  false
Dec 23, 2024 07:36:21.989840984 CET  1.1.1.1    192.168.2.7  0x8afa    Name error (3)  necklacebudi.lat    none   none            A (IP address)  IN (0x0001)  false
Dec 23, 2024 07:36:22.429266930 CET  1.1.1.1    192.168.2.7  0xa97a    Name error (3)  energyaffai.lat     none   none            A (IP address)  IN (0x0001)  false
Dec 23, 2024 07:36:22.574629068 CET  1.1.1.1    192.168.2.7  0x30a     Name error (3)  aspecteirs.lat      none   none            A (IP address)  IN (0x0001)  false
Dec 23, 2024 07:36:22.715090990 CET  1.1.1.1    192.168.2.7  0x74b7    Name error (3)  sustainskelet.lat   none   none            A (IP address)  IN (0x0001)  false
Dec 23, 2024 07:36:22.854984999 CET  1.1.1.1    192.168.2.7  0x633a    Name error (3)  crosshuaht.lat      none   none            A (IP address)  IN (0x0001)  false
Dec 23, 2024 07:36:22.998337984 CET  1.1.1.1    192.168.2.7  0xa5ed    Name error (3)  rapeflowwj.lat      none   none            A (IP address)  IN (0x0001)  false
Dec 23, 2024 07:36:23.138272047 CET  1.1.1.1    192.168.2.7  0x6f7f    No error (0)    steamcommunity.com         23.55.153.106   A (IP address)  IN (0x0001)  false
Dec 23, 2024 07:36:26.003508091 CET  1.1.1.1    192.168.2.7  0x976d    No error (0)    lev-tolstoi.com            172.67.157.254  A (IP address)  IN (0x0001)  false
Dec 23, 2024 07:36:26.003508091 CET  1.1.1.1    192.168.2.7  0x976d    No error (0)    lev-tolstoi.com            104.21.66.86    A (IP address)  IN (0x0001)  false
                                                                                                                                                                                                                                            • steamcommunity.com
                                                                                                                                                                                                                                            • lev-tolstoi.com
Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.7  49699        23.55.153.106   443               6404  C:\Users\user\Desktop\pJRiqnTih0.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-23 06:36:24 UTC  219                OUT        GET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Host: steamcommunity.com
2024-12-23 06:36:25 UTC  1905               IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                                                            Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            Date: Mon, 23 Dec 2024 06:36:25 GMT
                                                                                                                                                                                                                                            Content-Length: 35121
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Set-Cookie: sessionid=0cd5310473ccdae155479767; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                            Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-23 06:36:25 UTC  14479  IN
                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-23 06:36:25 UTC  10097  IN
                                                                                                                                                                                                                                            Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
2024-12-23 06:36:25 UTC  10545  IN
                                                                                                                                                                                                                                            Data Ascii: NIVERSE&quot;:&quot;public&quot;,&quot;LANGUAGE&quot;:&quot;english&quot;,&quot;COUNTRY&quot;:&quot;US&quot;,&quot;MEDIA_CDN_COMMUNITY_URL&quot;:&quot;https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/&quot;,&quot;MEDIA_CDN_URL&quot;:&quot;htt


Session ID: 1
Source IP: 192.168.2.7
Source Port: 49700
Destination IP: 172.67.157.254
Destination Port: 443
PID: 6404
Process: C:\Users\user\Desktop\pJRiqnTih0.exe

Timestamp  Bytes transferred  Direction  Data
2024-12-23 06:36:27 UTC  262  OUT  POST /api HTTP/1.1
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                            Host: lev-tolstoi.com
2024-12-23 06:36:27 UTC  8  OUT  Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                            Data Ascii: act=life
2024-12-23 06:36:28 UTC  1124  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Date: Mon, 23 Dec 2024 06:36:28 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=bsica55cs0pronjkdt87pgfofb; expires=Fri, 18 Apr 2025 00:23:06 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Xp4r9Ltn%2BWYjzfBxDBZ4kBq%2BRq495Ug7DcBnHqJUz2LsEGsHyZ4Rkc4IiagEatHSYwDQjsYsmQGCiOw4Hj8pqQaij7a5ZkI11Fqpj5njdHXFZv2BqAr%2F1hw5VcBKF3gQHk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                            CF-RAY: 8f66565fe9987c82-EWR
                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1977&min_rtt=1972&rtt_var=749&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=906&delivery_rate=1450571&cwnd=212&unsent_bytes=0&cid=b32e89f980d67847&ts=1048&x=0"
2024-12-23 06:36:28 UTC  7  IN  Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                                                                            Data Ascii: 2ok
2024-12-23 06:36:28 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                            Data Ascii: 0



                                                                                                                                                                                                                                            Target ID:5
                                                                                                                                                                                                                                            Start time:01:36:17
                                                                                                                                                                                                                                            Start date:23/12/2024
                                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\pJRiqnTih0.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\pJRiqnTih0.exe"
                                                                                                                                                                                                                                            Imagebase:0x100000
                                                                                                                                                                                                                                            File size:1'832'960 bytes
                                                                                                                                                                                                                                            MD5 hash:3EC4A2254F27C1276D3F806071827E5A
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                            Has exited:true


                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                              Execution Coverage:0.6%
                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                              Signature Coverage:28.1%
                                                                                                                                                                                                                                              Total number of Nodes:64
                                                                                                                                                                                                                                              Total number of Limit Nodes:4

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: &K M$&wXy$'sZu$/O_q$Jk"m$e7o9$h? !
                                                                                                                                                                                                                                              • API String ID: 0-2986092683
                                                                                                                                                                                                                                              • Opcode ID: 0a33f766023870fdcd9f3ba27ddec47d26e1a8822ef77d3ed7655d127c2e148b
                                                                                                                                                                                                                                              • Instruction ID: 115d2514fc6ef5cef22732d94c19ae1768d9a51eb9a931c91f1bfdc3ab90ad04
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0a33f766023870fdcd9f3ba27ddec47d26e1a8822ef77d3ed7655d127c2e148b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F20266B5204B01CFD324CF25D895B97BBF1FB45304F148A2CE5AA8BAA0DBB5A945CF50

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 90 108850-108861 call 13bc60 93 108867-10888f call 108020 90->93 94 108acf-108ad7 ExitProcess 90->94 97 108890-1088cb 93->97 98 108904-108916 call 1354e0 97->98 99 1088cd-108902 97->99 102 108ab8-108abf 98->102 103 10891c-10893f 98->103 99->97 104 108ac1-108ac7 call 108030 102->104 105 108aca call 13c160 102->105 111 108941-108943 103->111 112 108945-108a3b 103->112 104->105 105->94 111->112 115 108a6b-108aac call 109b00 112->115 116 108a3d-108a69 112->116 115->102 119 108aae call 10c550 115->119 116->115 121 108ab3 call 10b390 119->121 121->102
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • ExitProcess.KERNEL32(00000000), ref: 00108AD2
                                                                                                                                                                                                                                                • Part of subcall function 0010C550: CoInitializeEx.COMBASE(00000000,00000002), ref: 0010C563
                                                                                                                                                                                                                                                • Part of subcall function 0010B390: FreeLibrary.KERNEL32(00108AB8), ref: 0010B396
                                                                                                                                                                                                                                                • Part of subcall function 0010B390: FreeLibrary.KERNEL32 ref: 0010B3B7
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FreeLibrary$ExitInitializeProcess
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3534244204-0
                                                                                                                                                                                                                                              • Opcode ID: a5fbb6cdc4b76ec7482cb8910ffea2afbd49bd6afce3003093ed024b8265910f
                                                                                                                                                                                                                                              • Instruction ID: 03927cb251e2f1dd9f87e24ae9c514336a1ff37691c819c6d430853f5a4748b7
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a5fbb6cdc4b76ec7482cb8910ffea2afbd49bd6afce3003093ed024b8265910f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 805197B7F146180BD71CAAB98C567AA75878BC5720F1F813E5980EB7D6EEB48C0642C1

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 142 13c1f0-13c222 LdrInitializeThunk
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LdrInitializeThunk.NTDLL(0013E31B,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0013C21E
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                                                                                              • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                              • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: ,+*)
                                                                                                                                                                                                                                              • API String ID: 0-3529585375
                                                                                                                                                                                                                                              • Opcode ID: 9e74d32bcf53edac0162c9023fe4c6ef53a4b94756772b11f777a10b3a562e69
                                                                                                                                                                                                                                              • Instruction ID: 5b695fa88e15992b1b6ef3d2c8b7d21ee1694bc82b009af602b80f75a21c0d07
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9e74d32bcf53edac0162c9023fe4c6ef53a4b94756772b11f777a10b3a562e69
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BC31A539B402119BEB18CF58CC91BBEB7B2BB49700F24916CD501B73D0CB75AD018790
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: o`
                                                                                                                                                                                                                                              • API String ID: 0-3993896143
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 123 13c180-13c191 124 13c1d0-13c1d6 call 13aaa0 123->124 125 13c1a6-13c1b8 call 13d810 RtlReAllocateHeap 123->125 126 13c1c5 123->126 127 13c1cb 123->127 128 13c1ba-13c1bb call 13aa80 123->128 129 13c1d9-13c1df call 13aaa0 123->129 130 13c198-13c19f 123->130 124->129 131 13c1cd-13c1cf 125->131 126->127 127->131 139 13c1c0-13c1c3 128->139 130->124 130->125 130->126 130->127 130->129 139->131
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RtlReAllocateHeap.NTDLL(?,00000000,?,00000000,?,?,0010B2E4,00000000,00000001), ref: 0013C1B2
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1279760036-0

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 140 10c550-10c580 CoInitializeEx
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CoInitializeEx.COMBASE(00000000,00000002), ref: 0010C563
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Initialize
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2538663250-0

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 141 10c583-10c5b2 CoInitializeSecurity
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0010C596
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InitializeSecurity
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 640775948-0

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 143 13aaa0-13aaac 144 13aab3-13aabe call 13d810 RtlFreeHeap 143->144 145 13aac4-13aac5 143->145 144->145
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RtlFreeHeap.NTDLL(?,00000000,?,0013C1D6,?,0010B2E4,00000000,00000001), ref: 0013AABE
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FreeHeap
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3298025750-0

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 148 13aa80-13aa97 call 13d810 RtlAllocateHeap
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,00000000,?,?,0013C1C0), ref: 0013AA90
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000), ref: 00158EFF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                                                                                                                              • Opcode ID: e025f0ff1f22141d645484f1456783112d7098260357ed6dabb1fc1f8a340f3d
                                                                                                                                                                                                                                              • Instruction ID: 84ea0fc548a9ae06e5645b055767e2ba5cee90540b851dc8fdc82ca3e103cbbe
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e025f0ff1f22141d645484f1456783112d7098260357ed6dabb1fc1f8a340f3d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C1F01CB244C204DEE7112E24A8817BABBF0EB04315F12092DDE95A9A40D73648589656
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Uninitialize
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3861434553-0
                                                                                                                                                                                                                                              • Opcode ID: f6038b51408df79b65393b966fd268f5d3a7b3bb01c649697ee14d84d23749b1
                                                                                                                                                                                                                                              • Instruction ID: 00ed5106d5f93dc95cf2f08eb5189eea091c92c6087fd5842e3c767481cbe714
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f6038b51408df79b65393b966fd268f5d3a7b3bb01c649697ee14d84d23749b1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 66C09B7636515297E3848734DD764267315970634D3102F14D127C6B74CD5165515549
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: #f!x$$%$%y$)Z*\$)Z/\$-^+P$5F6X$6T$7$8JL$:JL$<[5]$=_%A$>N@$?z=|$A/6Q$VaUc$o#M%$pIrK
                                                                                                                                                                                                                                              • API String ID: 0-2905094782
                                                                                                                                                                                                                                              • Opcode ID: ebc8cbe88d37f0f0295cb855723cfaffb92878a6a11da2b37a587d5ea4969c51
                                                                                                                                                                                                                                              • Instruction ID: 8529e88a331df23756774f81c5724e906e61a62f0974a8348770eb7728e90186
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ebc8cbe88d37f0f0295cb855723cfaffb92878a6a11da2b37a587d5ea4969c51
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 479297B5905229CBDB24CF59DC887DEBBB1FB85304F2082E8D4596B360DB754A86CF80
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: #f!x$%y$)Z*\$)Z/\$-^+P$5F6X$6T$7$8JL$:JL$<[5]$=_%A$>N@$?z=|$A/6Q$VaUc$o#M%$pIrK
                                                                                                                                                                                                                                              • API String ID: 0-3225404442
                                                                                                                                                                                                                                              • Opcode ID: e903719d099551e7c315224cf83d5d4d7d9a4cce9400dfcfc5c334b0b6ad47c6
                                                                                                                                                                                                                                              • Instruction ID: 249ddf7c8a20f6a89f51bf6d79a1a17558518086ba0fb7eccc75f4e8192cd030
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e903719d099551e7c315224cf83d5d4d7d9a4cce9400dfcfc5c334b0b6ad47c6
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C29296B5905329CBDB24CF59D8987DEBBB1FB85304F2082E8D4596B360DB745A86CF80
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: !+2j$"$$01;$(7.A$908#$>7;<$O35 $bblg$gn~b$ne$vm/;$w!w4
                                                                                                                                                                                                                                              • API String ID: 0-1290103930
                                                                                                                                                                                                                                              • Opcode ID: e76aa1fc780e58e750d1ae106741ee0e38235b05f912ede24168565961e5c466
                                                                                                                                                                                                                                              • Instruction ID: 54b3519c3bfe1c81f06eeb7717bbe02412ee5c349a77b28958e7ce69f42be8da
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e76aa1fc780e58e750d1ae106741ee0e38235b05f912ede24168565961e5c466
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E1A1C37024C3D18BC316CF7984A076BBFE1AF97314F588A6DE4D54B282D379890ACB52
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: 1&nU$4%|$;_kw$?vu{$_=
                                                                                                                                                                                                                                              • API String ID: 0-435543807
                                                                                                                                                                                                                                              • Opcode ID: a472892b6520e96049874b76312bad2e33ed5143db23b8f1f81670fee957e62a
                                                                                                                                                                                                                                              • Instruction ID: 6ab4e0b50a682b32543940e2c36a49f5ee24aabaea96f1a53b75800081204cae
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a472892b6520e96049874b76312bad2e33ed5143db23b8f1f81670fee957e62a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 09B207F3A0C6009FE3046E2DEC8567ABBE5EF94720F1A453DE6C5C7744EA3598018697
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: 5]^m$F8[t$b`~$p4}
                                                                                                                                                                                                                                              • API String ID: 0-3830103137
                                                                                                                                                                                                                                              • Opcode ID: 2632108632652237aa5d250c1709db85ba11329955466c2a2d330d4234856c6a
                                                                                                                                                                                                                                              • Instruction ID: 6ba89e4ed8fc06a3a59c9398d85b659e093027caf006ecf1a3f576892cdd18f5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2632108632652237aa5d250c1709db85ba11329955466c2a2d330d4234856c6a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 47A2E0F290C2049FE304BE29EC8567AFBE5EF94720F16492DEAC5C7744EA3558448B87
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: 34$C]$|F
                                                                                                                                                                                                                                              • API String ID: 0-2804560523
                                                                                                                                                                                                                                              • Opcode ID: 8091e4a3f60630cacb2b99adac36b664ba3661b69ecaf553105f544cd2c3f484
                                                                                                                                                                                                                                              • Instruction ID: 84724a9871eda5a1195502d444a7fb0c657303d84abb4a126002936eceec3e80
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8091e4a3f60630cacb2b99adac36b664ba3661b69ecaf553105f544cd2c3f484
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 37C100B59183218BC724CF28D8816ABB3F2FF95314F58896CE8D58B390E774E945C792
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: A$Hnd$yszp
                                                                                                                                                                                                                                              • API String ID: 0-2830101580
                                                                                                                                                                                                                                              • Opcode ID: ed2f477d2cbb63605d95bee9d84028aa44887587f4227a8596403638b58c7d7e
                                                                                                                                                                                                                                              • Instruction ID: e62112b5c0507e282cf662c30cd5fb0b980070a49aaf69c060fc76be8b3c6269
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ed2f477d2cbb63605d95bee9d84028aa44887587f4227a8596403638b58c7d7e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9AA10F7190C3E18BD7358F2994603ABBBE1AF97304F1889ADD5C99B382D77584058B92
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: +|-~$/pqr$_
                                                                                                                                                                                                                                              • API String ID: 0-1379640984
                                                                                                                                                                                                                                              • Opcode ID: 37f0259fc8625fef5b2517a7fc5a0657925398cdad0e65a879345221d49de1df
                                                                                                                                                                                                                                              • Instruction ID: a6e03bd4e4537b79beb1fc95c76b60c535d3f4a6a5b1944896b354ff2f11b712
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 37f0259fc8625fef5b2517a7fc5a0657925398cdad0e65a879345221d49de1df
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 82811C6561455016C72CDF3488A333BBAD7AF94308B3991BEC995CFBABEA38C5028745
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                              • String ID: MZx$f
                                                                                                                                                                                                                                              • API String ID: 2994545307-3442120704
                                                                                                                                                                                                                                              • Opcode ID: beedea61e16817c37bfe37387ff17e1259891443155226f4656a0af9da1f84ac
                                                                                                                                                                                                                                              • Instruction ID: 735be9a1a8f47a9f8100cc087c5bd23766ff427b1c4d1a840c2c9f28be1ebb23
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: beedea61e16817c37bfe37387ff17e1259891443155226f4656a0af9da1f84ac
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C112D37060C3418FD714CF28C8C166FBBE5AB99724F148A2DE6D5972A2E730DC45CB92
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: )$IEND
                                                                                                                                                                                                                                              • API String ID: 0-707183367
                                                                                                                                                                                                                                              • Opcode ID: 5f9fbd15804cfc4d84428c4710220bccfe9a9306391f36cccad712a96516faf1
                                                                                                                                                                                                                                              • Instruction ID: e52d267cf17c3eb976e6514d5bc9b72379f4c502c57afdaff2748a602691e6c5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5f9fbd15804cfc4d84428c4710220bccfe9a9306391f36cccad712a96516faf1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 34D1AEB15083449FE720DF14D88575BBBE4AB94304F14892DFAD99B3C2E7B5D908CB92
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: l"._
                                                                                                                                                                                                                                              • API String ID: 0-2611888224
                                                                                                                                                                                                                                              • Opcode ID: 9eadf5f3aec40106f266e1b1430dd16f51690ef74d10e5ed9ed4dc33b005c3ec
                                                                                                                                                                                                                                              • Instruction ID: 7a222c4a75c856af7c4260e3bd769a70cb16ea4abf2045bea7e060d7efaf5cc3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9eadf5f3aec40106f266e1b1430dd16f51690ef74d10e5ed9ed4dc33b005c3ec
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 42B2E5F360C6049FE304AE29EC8567AFBE9EF94720F16893DE6C4C7344EA7558418792
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: "na$"na
                                                                                                                                                                                                                                              • API String ID: 0-1266850222
                                                                                                                                                                                                                                              • Opcode ID: 2518dbc33f9e05af006245aea480368b935adaf856f97a117401ca6d81508d7a
                                                                                                                                                                                                                                              • Instruction ID: 6d01fd2b4218760cf0e4e6d5ac09eeea964dd37e1e176703e161bda3170ae650
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2518dbc33f9e05af006245aea480368b935adaf856f97a117401ca6d81508d7a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 16A16AB3F6162547F3584869CC683A2654397E1324F2F82788F5DABBC5D87E9C0A1388
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: E$j+
                                                                                                                                                                                                                                              • API String ID: 0-14078216
                                                                                                                                                                                                                                              • Opcode ID: 80f479f6e1102b85e19ce034d8bcd286baf29924dff7ff4ffbf3044298c9e300
                                                                                                                                                                                                                                              • Instruction ID: 6c6459d7cae71801138b92403c1e812104226e4cef51e92cd1ea8229df1c85a4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 80f479f6e1102b85e19ce034d8bcd286baf29924dff7ff4ffbf3044298c9e300
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 97816DF7F111144BF3444969CC583617293EBE5314F2F81789B48AB7C5D97E9C0A9788
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: d$d
                                                                                                                                                                                                                                              • API String ID: 0-195624457
                                                                                                                                                                                                                                              • Opcode ID: 6e91f6ba3a656c9c59707a3a2502e8aa5c0e31839dd116257dd84a2b19339e1c
                                                                                                                                                                                                                                              • Instruction ID: fc6e9e078fb8c24d713cf35cb831acd6a3e4ec75e75f4a1a2a8f223669f355d2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6e91f6ba3a656c9c59707a3a2502e8aa5c0e31839dd116257dd84a2b19339e1c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 30512A36908320CBC314CF24D85062BB7D2AB8A718F594A6CF8C9A7261D7329D55CB83
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: "51s
                                                                                                                                                                                                                                              • API String ID: 0-110016742
                                                                                                                                                                                                                                              • Opcode ID: feb8c829728870a5db4c5caf849463153b10b2a1942cadcfcc524453241f45a0
                                                                                                                                                                                                                                              • Instruction ID: 6579928e4788a758d5a7a5644bb8a6224f9c3cfea986f781720c5783fe8ef6e2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: feb8c829728870a5db4c5caf849463153b10b2a1942cadcfcc524453241f45a0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7E321976A00626CBCB28CF68D8915BEB3B3FF89310B59C56DD482AB364EB355D51CB40
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: "d?g
                                                                                                                                                                                                                                              • API String ID: 0-4020831634
                                                                                                                                                                                                                                              • Opcode ID: cd2243a63fcfcad7052ac5b2724ad72b12fb2773111b28ed32197b77e294b1ef
                                                                                                                                                                                                                                              • Instruction ID: 8834e0fff2f8e1d06ff52a834bd34b86c1980f5c1d01b3457bbca6d17d0d89a3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cd2243a63fcfcad7052ac5b2724ad72b12fb2773111b28ed32197b77e294b1ef
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 32E17BF3E112244BF3545D78DC983A6B692EB95320F2B823C9F98AB7C5D87E5C094285
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: [\GN
                                                                                                                                                                                                                                              • API String ID: 0-1991390526
                                                                                                                                                                                                                                              • Opcode ID: 1550b875b043b9eb862e27de6d39d474ea73b4fcbe1a63064d9994edd0fe0073
                                                                                                                                                                                                                                              • Instruction ID: 880974fb4ad768151f6a0366bf8dd5246d7fd28b622f13291e7e9a2d25f01854
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1550b875b043b9eb862e27de6d39d474ea73b4fcbe1a63064d9994edd0fe0073
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 86E1D0B3F156144BF3045D69DC983A6B693DBD1320F2F823C9B989B7C4E97E98098385
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: p
                                                                                                                                                                                                                                              • API String ID: 0-2181537457
                                                                                                                                                                                                                                              • Opcode ID: 02fdccf9908d67048156b99ab7d97c340497e531555c02c86781ede62d6114b8
                                                                                                                                                                                                                                              • Instruction ID: 7312ee4e04e8a01a869188ae1223c23455ca10966c348fdbe16118238b1e791b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 02fdccf9908d67048156b99ab7d97c340497e531555c02c86781ede62d6114b8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 20C14AB3F111254BF3544D39CD583A276939BD5324F2F82788E8CAB7C9D97EAC0A5284
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: A1hP
                                                                                                                                                                                                                                              • API String ID: 0-3775586232
                                                                                                                                                                                                                                              • Opcode ID: 026aed112a12c41f4a7488859b217c7d14f7bf35ee4ffae4661750cf7f5064bc
                                                                                                                                                                                                                                              • Instruction ID: 2695fe7faf63bc7f962a78c22680e43408e043b5e35c6f79fae46fc8596dfa36
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 026aed112a12c41f4a7488859b217c7d14f7bf35ee4ffae4661750cf7f5064bc
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9DC1BEF3F6162547F3444968DD883A26683D7D1314F2F82788F5CABBC9D87E9C0A5288
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: "
                                                                                                                                                                                                                                              • API String ID: 0-123907689
                                                                                                                                                                                                                                              • Opcode ID: 87e802000bdd7cde1c56bc263be8acbadb725a4e63ccd6060054630deda741be
                                                                                                                                                                                                                                              • Instruction ID: c11b57be84262677b8a299db416d33716a810d632fe22eaa4212065fd6d75592
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 87e802000bdd7cde1c56bc263be8acbadb725a4e63ccd6060054630deda741be
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0BB139F3F1152487F3544929CD583926683DBE5320F2F82788E9CAB7C9D87E9D0A5388
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: PuV
                                                                                                                                                                                                                                              • API String ID: 0-1327477671
                                                                                                                                                                                                                                              • Opcode ID: 00f97cd4fae079d625e6bd643d4c5cd1780b3c381dc223c669e9a58d2c79715d
                                                                                                                                                                                                                                              • Instruction ID: 24ba62da30dce2e8f1706cd78a7748a4f933dcb2e8142832e6e9a9f77cd7659c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 00f97cd4fae079d625e6bd643d4c5cd1780b3c381dc223c669e9a58d2c79715d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8FB18AB3F5162547F3584839CCA83A265839BE4320F2F82798F9DAB7C5D87E5D0A5384
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: <
                                                                                                                                                                                                                                              • API String ID: 0-4251816714
                                                                                                                                                                                                                                              • Opcode ID: 6f24a837444ebff3219465a596c11cb018c946e78b9522e02bd2f0f027599fff
                                                                                                                                                                                                                                              • Instruction ID: 258c43affddc48ab8e427d36578d4109febb70dedbb158fef21a8cb07f52bf3c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6f24a837444ebff3219465a596c11cb018c946e78b9522e02bd2f0f027599fff
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 75B17CF7F1122547F3844929CC983627692DB95314F2F82788F4CABBC5D87E9D095388
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: .
                                                                                                                                                                                                                                              • API String ID: 0-248832578
                                                                                                                                                                                                                                              • Opcode ID: 29bf4b7eccc0fef8d16b8f98e9917d53a004c04e08c848d4ac051f5af79daa05
                                                                                                                                                                                                                                              • Instruction ID: c2634d04c4ea12319418b14cbc3b7ea9637cf4ca5e2239f90bdbda31635e8bbf
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 29bf4b7eccc0fef8d16b8f98e9917d53a004c04e08c848d4ac051f5af79daa05
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AE912671E0C2524BC721CE2DC88035AB7E5AB81360F198A69E8D5DB3E1EFB5DD418BC1
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: BTO
                                                                                                                                                                                                                                              • API String ID: 0-3386312568
                                                                                                                                                                                                                                              • Opcode ID: 76ed226ca56d956e64f3cea5516c69e1e76b50a1d736e24b954164e0db01cf2f
                                                                                                                                                                                                                                              • Instruction ID: 69e3d19b161ac6c9d57ca2cb5773a56dabbd212f3312dc5baf8ad3018e62a0a4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 76ed226ca56d956e64f3cea5516c69e1e76b50a1d736e24b954164e0db01cf2f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CFA19BF3F1162547F3544969DC983626283DBD5324F2F81788F58AB3C6D97EAC065388
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: S
                                                                                                                                                                                                                                              • API String ID: 0-543223747
                                                                                                                                                                                                                                              • Opcode ID: 93d2e99c5d23c2a55fa3312621af386f93ad020d2137cce783c10f720d7dec50
                                                                                                                                                                                                                                              • Instruction ID: 2a2d1f7aad8794a14ee1a730bb2c35bb0f3ee0c036abd8ecac1e170fe3c68165
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 93d2e99c5d23c2a55fa3312621af386f93ad020d2137cce783c10f720d7dec50
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CF917AF3F111244BF3544929CC583A26283EBE5315F2F81788F89ABBC5D97E9D0A5388
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: 0p5
                                                                                                                                                                                                                                              • API String ID: 0-195869268
                                                                                                                                                                                                                                              • Opcode ID: 3df116f695dda1656ee9c32905725a15de58028989a7484c1c8ebeb43c6b7378
                                                                                                                                                                                                                                              • Instruction ID: 4fda41cf87ebf81bdca0c082274a516cc6981497dbc5a7514f0748b597ca008e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3df116f695dda1656ee9c32905725a15de58028989a7484c1c8ebeb43c6b7378
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 99917AF3F1212587F3484928DC583A166839BE5320F2F82788E5DAB7C5ED7E9D4A5384
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: GT
                                                                                                                                                                                                                                              • API String ID: 0-3197565160
                                                                                                                                                                                                                                              • Opcode ID: d7be47aae86c6e297641606fd1dfb9397b8fee62e85d53dd7e9eaa31f0dcbca5
                                                                                                                                                                                                                                              • Instruction ID: b30319cabc31c14db7075636794e1b3ee2fcee0dbc63224a610c98433d1a56a5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d7be47aae86c6e297641606fd1dfb9397b8fee62e85d53dd7e9eaa31f0dcbca5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E581AEB3F1122587F3544D29CD983A17683DBD5320F3F82788A5C5BBC9D97E9D0A5288
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: R)*
                                                                                                                                                                                                                                              • API String ID: 0-1298808291
                                                                                                                                                                                                                                              • Opcode ID: 5fc73d1e59a4307bddb8a96e7d02882aacbe25ffe1a9608e4af4f71fbf1134c1
                                                                                                                                                                                                                                              • Instruction ID: 4b66652efc7225715ee2e5858e981664918a33729d9607f337ab64e445fcf796
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5fc73d1e59a4307bddb8a96e7d02882aacbe25ffe1a9608e4af4f71fbf1134c1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 51814BF7F112254BF3544978CC983A266839BD5714F2F81788F48ABBC5E97E9C0A5388
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: .
                                                                                                                                                                                                                                              • API String ID: 0-248832578
                                                                                                                                                                                                                                              • Opcode ID: 9d717796493458f4b0b0d22a066b61a13d04ef31cce9b325edade5ff80b539d2
                                                                                                                                                                                                                                              • Instruction ID: e6d01a5554675020266a69442e50aab7b46f173708a50b62ac2b2420fe8aab62
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9d717796493458f4b0b0d22a066b61a13d04ef31cce9b325edade5ff80b539d2
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 24816AF3F116254BF3544969CC5836266839BD1324F2F82788F486B7C9CC7E9C0A5388
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: Y
                                                                                                                                                                                                                                              • API String ID: 0-3233089245
                                                                                                                                                                                                                                              • Opcode ID: 9a5a2072eb67ef056511c62ac5b17d8507bfcdbe702238930bf372c57cdd67d5
                                                                                                                                                                                                                                              • Instruction ID: 3349659d478584162b2ad46c9690d9f4c25c6fa6b06c63cf16bd1dcb61be3b4c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9a5a2072eb67ef056511c62ac5b17d8507bfcdbe702238930bf372c57cdd67d5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 64818BB3F5152547F7584839CC693A66583EBD0324F2F823D8BAA6B7C9DC3E5D094284
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: "
                                                                                                                                                                                                                                              • API String ID: 0-123907689
                                                                                                                                                                                                                                              • Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                              • Instruction ID: 7e2570267c3c874e5fcac715bb609aa0d3917904d50a5234d2f2cc4d35215c88
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1E71E432A0C3758BD714CE68E4D032EBBE2ABC5710F29896DE4959B391D334ED658782
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                              • API String ID: 0-2766056989
                                                                                                                                                                                                                                              • Opcode ID: de004d0eb038d491a3ecdc2b824a941851d4a78ff921d8b6b78f6ed8fd5d0511
                                                                                                                                                                                                                                              • Instruction ID: 6fb85a42f2c31662568eb90c68d06f135b921b6971156205d75b4509eae156bb
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: de004d0eb038d491a3ecdc2b824a941851d4a78ff921d8b6b78f6ed8fd5d0511
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0A7188B3F1122987F3044E28CC983627293DB95320F3F42798B592B7C5D97E6D0A9388
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: a
                                                                                                                                                                                                                                              • API String ID: 0-3904355907
                                                                                                                                                                                                                                              • Opcode ID: 1d8989b474c83c7e275a1304ac4d4e65e091736952b9bfc974e8015e8db4d1c0
                                                                                                                                                                                                                                              • Instruction ID: 6196a5afc8bf1d0a47eb6efe91a7fd3d819e8616f256134fd00cd943aeeeeddd
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1d8989b474c83c7e275a1304ac4d4e65e091736952b9bfc974e8015e8db4d1c0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 307159F7E111258BF3544D29CC543A67293DBE5710F2F81798B886BBC8E93E9D0A5388
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: _1/=
                                                                                                                                                                                                                                              • API String ID: 0-3723967283
                                                                                                                                                                                                                                              • Opcode ID: f408a2b77f76c2e1846a39e3c6ad673a36dee280f76a2141768776af3cc51cd2
                                                                                                                                                                                                                                              • Instruction ID: 634e52eefae055ff105e119f498ddaa67d1ff04cbc24ba88eb0a111bb1aa3918
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f408a2b77f76c2e1846a39e3c6ad673a36dee280f76a2141768776af3cc51cd2
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0E618EB3F111258BF3544E29CC983A17293EB95310F2F82798E585B7C5D97F6D0AA388
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: q8&
                                                                                                                                                                                                                                              • API String ID: 0-2520589632
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 6f975f2a20915ccdef8d5d48be5a9122d2f78d28c276bf61ea7b7e7e6f3a2e97
                                                                                                                                                                                                                                              • Instruction ID: 4ec00f13079f1eff39f45de5d5dd8d1b3e412729765e1da3f012d884bbd8f593
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6f975f2a20915ccdef8d5d48be5a9122d2f78d28c276bf61ea7b7e7e6f3a2e97
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 54F19AA3F51B160BF7544469DC983A21983D7F5321D2EC2388B944BBCEE9BE9C870385
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 7af15bd3ed9ecaede3def1978c9a9f20cc1f01364bb80515d0a88e42d66a7859
                                                                                                                                                                                                                                              • Instruction ID: 50ae3aceaecf26834c5c97c5e831e9b4620192060ed1cf650475c36266054bc7
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7af15bd3ed9ecaede3def1978c9a9f20cc1f01364bb80515d0a88e42d66a7859
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6CD1C2F3F046108BF3449E39DC58366B693EBD4320F2B863C9B9897BC4D93D98098685
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                                                                                              • Opcode ID: ac2885bd069c0f4a74d4e39b38e933c2789b6b28c8471c49982da34ecb90e183
                                                                                                                                                                                                                                              • Instruction ID: 092df36e9067939911720d6336a5b2a3bd71b41557085f5e3f6466a9bcad431d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ac2885bd069c0f4a74d4e39b38e933c2789b6b28c8471c49982da34ecb90e183
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 90C148766083519FD728CF28D8817AFB7E2AB95310F09893DE0D5D72A2DB359884C792
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 4116753f948b98cfc6d746e77bf0ccb69aab906e7948ba176ce9fb7d58f3c44d
                                                                                                                                                                                                                                              • Instruction ID: d9f4fabba75bc6f49e9c7698591af79fd920479e303cc1820d34b5745f258d40
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4116753f948b98cfc6d746e77bf0ccb69aab906e7948ba176ce9fb7d58f3c44d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 90D148F3F1162547F3584869CD983A2668397D4324F2F82788F4D6BBC9D87E5C4A52C8
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: c0abac5214710288d4421fc11617bd038b9bcae0734979bfb7207e5b598bd834
                                                                                                                                                                                                                                              • Instruction ID: da1a10cc694acd19785e1851d39da8bf556a5dc2614bfa61b8a9d9152e31cc4f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c0abac5214710288d4421fc11617bd038b9bcae0734979bfb7207e5b598bd834
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D0D169E7F54B640BF76044B9DDC8396598297A6320F1F82B0CF9C6B7C6DAAE4D4802C5
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • Opcode ID: 71c84c18d95f17d7d70f35da92597aea9b756bde359a1e4e8cb29cd335035aa2
                                                                                                                                                                                                                                              • Instruction ID: 673f6aa345e428478d9664163b455a8513a4395d90f0518860fd68a4841e1be2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 71c84c18d95f17d7d70f35da92597aea9b756bde359a1e4e8cb29cd335035aa2
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1ED15AF3F102248BF3544929DC983A26693DBD5314F2F82788F986B7C9D97E5D099388
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • Opcode ID: b2ad9b9e7488cf3baa35c815dc0c48872660d2858efa7acb34180aaf734d08a2
                                                                                                                                                                                                                                              • Instruction ID: e5c3573f643a3b871fec0c6fc082f102ad196379cea3f5bc7739ea12cf85f635
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b2ad9b9e7488cf3baa35c815dc0c48872660d2858efa7acb34180aaf734d08a2
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 48D177F3F1152447F3484939CC693626693ABA5320F2F82798F5DAB7C5DC7E9C0A5288
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • Opcode ID: dc253e771c656cc6b5ba323351e06b8e8bf44ece6c49fd5838b53a956e1cbfd7
                                                                                                                                                                                                                                              • Instruction ID: 6c44d7e54af289c54f5e68ed2cb6561bbf2a59311dd762f18728e138e7bec3eb
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dc253e771c656cc6b5ba323351e06b8e8bf44ece6c49fd5838b53a956e1cbfd7
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3AC17AF7F116144BF3584939CC983A26583DBD9724F2F82788B599B7CAE87E8C064384
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • Opcode ID: 5d3285bcd1c9e458e9b22247b12ce641580c2df942b077120c60604aa8e3228d
                                                                                                                                                                                                                                              • Instruction ID: c645bef0d2ff675baa7aa0188b1e2f9dcbb1549c68438c0725ad25f7248c1c07
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5d3285bcd1c9e458e9b22247b12ce641580c2df942b077120c60604aa8e3228d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7FC1BEF3F516154BF3584928DC983A22683DBE0324F3F82398B595B7C5EDBE5C065288
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 9c9ba387e6aca991a6ef858662f8c20cdf2c6b5154c0e4bb99854f7ef8bf12fa
                                                                                                                                                                                                                                              • Instruction ID: e7bf39c54e08392edf438b488c267c2f656cbfc2f0f5a863c1535024c2d50cb2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9c9ba387e6aca991a6ef858662f8c20cdf2c6b5154c0e4bb99854f7ef8bf12fa
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B0C1ADF3F5122447F3584978CCA83A26683DBD5314F2F82788B59AB7C5DD7E9C0A5288
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: d548fef9b44b38afaab24e7bdc1f203d716044ef8b850b3a50bf0bc4a4dea9f9
                                                                                                                                                                                                                                              • Instruction ID: ff90a4fa30fb89c9085630a0d495027b886374ef4d54949e8c3a3a63ac17dfab
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d548fef9b44b38afaab24e7bdc1f203d716044ef8b850b3a50bf0bc4a4dea9f9
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6AC159F3F6012547F3544929CD593A2658397E5324F2F82788F8CAB7C9E87E9D0A5388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 346cddb1540e50bf184b4b171ac9605e23f58364ec0b7f9576032a57f012d317
                                                                                                                                                                                                                                              • Instruction ID: 1ad9e0bb333433daf53992d360d9ac5ff175cbaa318561c3a75b3dd958b1e6b2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 346cddb1540e50bf184b4b171ac9605e23f58364ec0b7f9576032a57f012d317
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 26C157F3F1162547F3544839CD583A2658397D1324F2F82798E9CABBCAD87E9D0A5388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: e9d75645566e6ad0ec5fecc0176e824154dc7f7a035cdbe33a809cb316510ce3
                                                                                                                                                                                                                                              • Instruction ID: 12173f38991f9327e298a0c24373d7eb1319a53ef9b8e373cfbf7f9569947e06
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e9d75645566e6ad0ec5fecc0176e824154dc7f7a035cdbe33a809cb316510ce3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BBC17BB3F516254BF3984878CD983A2658397D4320F2F82388F586BBC9DC7E5D0A5388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                                                                                              • Opcode ID: c3a24247b720b40a670fd05a2adde66293e012f61c6aa1dbd2bef5eb2cdeabd1
                                                                                                                                                                                                                                              • Instruction ID: f717a8c2bbffc9f0c00fe008d71f64695b272b2d1dc6841fae188b47fc1a9402
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c3a24247b720b40a670fd05a2adde66293e012f61c6aa1dbd2bef5eb2cdeabd1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E6B1F476A083128BC728CF28C89156BB7E2FF99710F19853CEA8697365E731DC42D781
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 77d35f7057411de1e94176688348066ac9faf1b876c4e2598506753bc3bb82bb
                                                                                                                                                                                                                                              • Instruction ID: 76ec28f26a97aead2169ed9c03df144bee5b02fc26a9e8e59b040db0152de060
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 77d35f7057411de1e94176688348066ac9faf1b876c4e2598506753bc3bb82bb
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 07B1067AA00215CBCB18CFA9D8916BEB7B3FF89310F68816DD446AB355DB355C52CB80
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: e7ed16b4bc3f967e9ef397fb394cd24226d16c1e04aef497d71697827d823fd7
                                                                                                                                                                                                                                              • Instruction ID: 966081ad278a56de308208435cb0fbfb1ff87d72ad3e7c31eb14d43b6bea6f97
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e7ed16b4bc3f967e9ef397fb394cd24226d16c1e04aef497d71697827d823fd7
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BAC15BF3F1152547F7584839CD683626683DBE5324F2F82788B59AB7C9DC7E9C0A4284
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: ba5fa321bb2e490283a44fe0e2b9278b9ceba168204b4d9c463bad638b76c0cc
                                                                                                                                                                                                                                              • Instruction ID: 846ff058b11d1d1a67a1144b72cc77eb18adff2e9d52e8118b4a72007adee52c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ba5fa321bb2e490283a44fe0e2b9278b9ceba168204b4d9c463bad638b76c0cc
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 10C17BB7F615254BF3484839CD583A2658397E4320F2F82788E5CABBC9DC7E8D0A5284
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: e64b7c102f32a81504da8a073dbc6474b0bcce407df8d028ad5b4dbf434a505e
                                                                                                                                                                                                                                              • Instruction ID: 4c84805c9bce874ec17bca46ea604be51e4fb6b2bc96d7198322bd4fdbbf6f22
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e64b7c102f32a81504da8a073dbc6474b0bcce407df8d028ad5b4dbf434a505e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 28C19CF3E5063547F3544969DC983A26282DBA4324F2F82788F4C6B7C5E97E5D0A53C8
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: fe880147c214a1a95db2168389f2a50fcb92b79835f18dda0bf4aa0bd3bb296f
                                                                                                                                                                                                                                              • Instruction ID: fe72c3bf61202f532bcb7c1dc8e50c3040dd5048abd60e9c6d8dc2ca2f442804
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fe880147c214a1a95db2168389f2a50fcb92b79835f18dda0bf4aa0bd3bb296f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 43B18BF3F1162447F3584839DC993A26583DBA4324F2F82398F59A77C6EC7E4D0A5288
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 1327bbd1609152b2646277080e1b2903b37cbea938e7ba10ad572ed198bae7c1
                                                                                                                                                                                                                                              • Instruction ID: 88a2c73f13d21aec586fa9d8a72c28cf6998177ec169c3042f2eaecb6eb3852e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1327bbd1609152b2646277080e1b2903b37cbea938e7ba10ad572ed198bae7c1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 66B101F3E142048BF3045E29DC98366B792EBA4310F2B853CDB88977C5E93E9D098785
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: f5522cac4f059908d8d947bc843532fe65a333d0b775b4190269d823853eb8b4
                                                                                                                                                                                                                                              • Instruction ID: 928b893b92ab69b6b73fd4f5bc2f335f6df4258a45a01bfe1f781f7b92fc3f30
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f5522cac4f059908d8d947bc843532fe65a333d0b775b4190269d823853eb8b4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2DB178B3F1112587F3544D29CC583A26283ABD5321F2F82788F596B7C9ED7E5C4A9384
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 135afc53671e5b3454166b630fb366723a30f5b0e63e2c29fcda4103d8e842e8
                                                                                                                                                                                                                                              • Instruction ID: 682e591d734987a1c2ac2933a337a6b0c0437dde4d2d2e796882ab8d580ea323
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 135afc53671e5b3454166b630fb366723a30f5b0e63e2c29fcda4103d8e842e8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 72B1BDB3E102264BF3584978CDA83A266838BD1324F2F42388F5D6B7C5ED7E5D0A52C4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: de2a61518eeeab3425320fbf1a5e63ef066fd39cf13abded52884970f25868c3
                                                                                                                                                                                                                                              • Instruction ID: 28caf80bd5a5d8302e227973402b6a02b2fc5ab62bf75b550541c49bad22a371
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: de2a61518eeeab3425320fbf1a5e63ef066fd39cf13abded52884970f25868c3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 49B17CB3F112254BF3584929CD583A17683DBA5311F2F82788F8DAB7C4D97E9D0A5388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 7dc26581028a836bfa6dd75561a74f3ab4dfa9045fd45258e6289bbe256ee18d
                                                                                                                                                                                                                                              • Instruction ID: 5fe1b9b69d08c678608001c7f2397d6c0386d64f094de8df540d2b84bf1fa1dc
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7dc26581028a836bfa6dd75561a74f3ab4dfa9045fd45258e6289bbe256ee18d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C1B137F7F1152547F3544928DD683A266839BE0314F2F82788F9C6BBC9D83E9C0A52C8
Memory Dump Source
• Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 95a4867ac3e8e03d924d17699ecc2fa4b447d45cafde071307769b6823776256
                                                                                                                                                                                                                                              • Instruction ID: 4c43f569528c8e1a49ff238027b5a053153b431e2e57baea6121e975d568c5d8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 95a4867ac3e8e03d924d17699ecc2fa4b447d45cafde071307769b6823776256
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BAB178B7F116254BF3544D39CC983A266839BD5320F2F82788B5C6BBC9D87E9C4A5384
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 51029ecf8a03220b0fd3a7506adbb3e4e9d17bf97dce6bbda40eadc512164f38
                                                                                                                                                                                                                                              • Instruction ID: aaa3c544ad9ef130bd32796b77b49b026260ec834fc9b0611a9e40da33ea9679
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 51029ecf8a03220b0fd3a7506adbb3e4e9d17bf97dce6bbda40eadc512164f38
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2CB158F7F112254BF3844929CD583626683EBE5315F2F81388F496BBC9D87E9C0A5388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: f5caef84d1d248c1d0df10e5ba1d6e0c38566155f279400f61e8914f465396f5
                                                                                                                                                                                                                                              • Instruction ID: 21c1b6280bdf639ad17a8ace2ab0d7d27e0a86a8d1bfc09125de533b70c25801
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f5caef84d1d248c1d0df10e5ba1d6e0c38566155f279400f61e8914f465396f5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A3B16CF3F1122547F3584839CD593A26583EBA4324F2F82399F59ABBC5EC7E8D065284
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 561f52e4791f63bee0d2c09a89b65808b1f866e7d27c786d9e0d218e12108368
                                                                                                                                                                                                                                              • Instruction ID: 4b3301874c653314674ff201309c592c38a29490ba7d478026a8324b00ba98bf
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 561f52e4791f63bee0d2c09a89b65808b1f866e7d27c786d9e0d218e12108368
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7BA17DF3F1122547F7580929CCA8362A683DBE5310F2F82398B5AAB7C5DDBE5D065284
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 6845d40e93fc2e191a56ef5e039f6000ee0a6ed7b2ca5941ec4bb93b645f7383
                                                                                                                                                                                                                                              • Instruction ID: c86f12b79eeeae2e1294d34b00ee57797500bcc25bec00fa449424837e8530a9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6845d40e93fc2e191a56ef5e039f6000ee0a6ed7b2ca5941ec4bb93b645f7383
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C8B17DB3E1012587F3544D28CD983A27692EBA5320F2F82788E9C6B7C5D93F9D4957C8
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 13619f8cceada0b2c01d5015a635061b3ae9a64709a44d8f82098faabc19c194
                                                                                                                                                                                                                                              • Instruction ID: 19bf2190ceb7069ac107a30892809896756dbeefd80b49d2bc2a90d3a798876b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 13619f8cceada0b2c01d5015a635061b3ae9a64709a44d8f82098faabc19c194
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DFB16BF3F112254BF3540929CD583626683EBA5320F2F82798F4DABBC5D87E9D495388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 865b561ab4028d841cf75c0a7af180ea43931b8dff1f9fbc3091b65c0d66e84e
                                                                                                                                                                                                                                              • Instruction ID: 0b0a71113da53fa08b1c121065a53fdccf1fee346065d4eafd7184dfad8b4cb6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 865b561ab4028d841cf75c0a7af180ea43931b8dff1f9fbc3091b65c0d66e84e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 30B149B3F111258BF3544D28CC583A27692EB95324F2F82788F896B7C9D97F5D099388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: bc4bfdbd75c94b69f0a0099a9aec3f3e1abf52cef7a5ad0f4f638173c0b64b08
                                                                                                                                                                                                                                              • Instruction ID: b53275bf48da9058bbeae62533bbd17c4d2241187dd6ff57f29db66a2d7923a6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bc4bfdbd75c94b69f0a0099a9aec3f3e1abf52cef7a5ad0f4f638173c0b64b08
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 07C159B2A487418FC360CF28DC96BABB7F1BF85318F08492DD1D9C6242E778A155CB46
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
Memory Dump Source
• Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 51c8aae552cc19bb1363f71b1e7aee972c1b51c4ae7c292b171d58e3e61431c6
                                                                                                                                                                                                                                              • Instruction ID: a8c05d9dd92b97d7dc5940c3c7411c43d9e81e4eb159b868274f48847365a98f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 51c8aae552cc19bb1363f71b1e7aee972c1b51c4ae7c292b171d58e3e61431c6
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F1A15CF3F116244BF3548939CD583A26583EBA5320F2F82788F996B7C9D87E5C095288
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 9b2cac329143215d074ff667425432339d28f0394b72144010d2956b6a6166f1
                                                                                                                                                                                                                                              • Instruction ID: 7d8a3937e75b8681735e6d62b61e7c10767bf85cd688721ab82e14499be1139f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9b2cac329143215d074ff667425432339d28f0394b72144010d2956b6a6166f1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 03A15CF3F1112547F3944879CC583A26583DB95320F2F82788F68ABBC5D87E9D095384
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 1bf8bc07c9ac918a12070bdbfc61d8b697521210987369594550abf99a5c09dc
                                                                                                                                                                                                                                              • Instruction ID: 663d9e3b6222d71c42313c9e1002ddcd5383e53ef19f3eed7e53a5bb9e812a64
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1bf8bc07c9ac918a12070bdbfc61d8b697521210987369594550abf99a5c09dc
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FAA16AB3F511254BF3504938CD483A266839BD1724F3F82788E5CAB7C9E97E9D0A5384
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: e77a71eac5ae216cd53fee638710a841e7b6f8f597445a67b209a9b8425f7dfd
                                                                                                                                                                                                                                              • Instruction ID: 48d1212f2fa47d79dd4719e0072a1dfff40f781d58e535b13f33f7263e3003f5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e77a71eac5ae216cd53fee638710a841e7b6f8f597445a67b209a9b8425f7dfd
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CCA1ACF3F516144BF3484968CCA83A17683EBA5320F2E82788F595B7C5D87E5D099388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: fdf83002bb565c5b803c5329dc5e3a3d9b6c1d0df822d41516faf96c1afac831
                                                                                                                                                                                                                                              • Instruction ID: e390fcd7c4528ebdc08c005d07a0a4017cd0d2e2c36ff6740c04b02ac6751f50
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fdf83002bb565c5b803c5329dc5e3a3d9b6c1d0df822d41516faf96c1afac831
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9EA17CB3F112258BF3544D29CC983A172839BD5324F2F82798E5C6B7C5D97E5D0A9388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 17cadf80ff7b1aa35711794fabafab195257db3c3a05a1eb14917d6c92779393
                                                                                                                                                                                                                                              • Instruction ID: 6a435d3b9395b117b05b28de4f41a6159b1057c7c531f18bf34fe1dcb3ea9eb5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 17cadf80ff7b1aa35711794fabafab195257db3c3a05a1eb14917d6c92779393
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F2A15AF3F115254BF3544939CD9836265839BA5320F2F46788F5DABBC5D87E8C0A5388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 242a433d0e6c42b8ae5414f030de0d0fa03644fa276ade7c8d44d684cbabd9d5
                                                                                                                                                                                                                                              • Instruction ID: 70b2a7de886b6548d18ccd85620e258be88adae36c253fc02af432499333a886
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 242a433d0e6c42b8ae5414f030de0d0fa03644fa276ade7c8d44d684cbabd9d5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5AA19BF7F616258BF3444D68CC983A66642DB95314F2F82788F18AB7C5C97E9C095388
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: c7ba1645b2a01fce92831fe2513687ab439644c5a57c5f095d1abc57d27c31fc
                                                                                                                                                                                                                                              • Instruction ID: 4de6df9b50417cf2d62e7e6695378759d8f46e7b7d513ea018f60adc113db3b4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c7ba1645b2a01fce92831fe2513687ab439644c5a57c5f095d1abc57d27c31fc
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D8A15BF3F506254BF3584879CD983A66583D794324F2F82388F9D67BC5E8BE8D4A1284
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 61087c84b60e94b988ab0c0ed32314f96f46c299ba9c4d8bf0841f065008f9fc
                                                                                                                                                                                                                                              • Instruction ID: 5481e24740b1f662f8aa53f56cf721bb0773aef11b81f0607065aee922e45d78
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 61087c84b60e94b988ab0c0ed32314f96f46c299ba9c4d8bf0841f065008f9fc
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F1A158B7F111254BF3584928CC693667682EBA5310F2F813D8F4AAB7C4DD7E5C0A5788
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: cf64108486132ad9faa02074d3b9409eff769928137ab1212dfd6775059c67b5
                                                                                                                                                                                                                                              • Instruction ID: 8eac0931e1154d9525567d68569259420d184d5c2f76ddeae2d902660a524f8e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cf64108486132ad9faa02074d3b9409eff769928137ab1212dfd6775059c67b5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7FA15BF3F516264BF3944879CD583A265839BD4324F2F82388F4DABBC9D97E9D061284
Memory Dump Source
• Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
Memory Dump Source
• Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 3b2be2c1ef1cdb9dfe1e329301b4db06c28ed78f4a9929859d7bc1b7a91a4d77
                                                                                                                                                                                                                                              • Instruction ID: eddca3cfc83d45762e705db1e86dc7a60a61352f1b381d515965bc0f95fa7c68
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3b2be2c1ef1cdb9dfe1e329301b4db06c28ed78f4a9929859d7bc1b7a91a4d77
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 58A18BF7F1122547F3404929DC983626683EBE5314F2F81398F98AB7C6D97E9D0A5388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 28b4c2e650670dd618b6dd5a8af543f32062fb789fb0c56abd4fb714dbc8ed0b
                                                                                                                                                                                                                                              • Instruction ID: d8af67d33111e79c2d4b1d88218942cc4db773ee922ef40f1b4e02ed2c57de68
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 28b4c2e650670dd618b6dd5a8af543f32062fb789fb0c56abd4fb714dbc8ed0b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F0A15BF3F216254BF3444968CC983A66583D7D5320F2F82798F59AB7C5D87E9C0A5388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: ae5e163c916ac5039abc02a133294519b005d36a747e564489d4ee53ab1ecd7c
                                                                                                                                                                                                                                              • Instruction ID: 2689e45f9ef4780dd2a5b132c8859ab07025bea9a1a700b6366090314e28bb56
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ae5e163c916ac5039abc02a133294519b005d36a747e564489d4ee53ab1ecd7c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3DA15DF7F1162547F3484879DC683626583D7D5724F2F82788B58ABBC9EC7E9C0A1288
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: f3e6a6de4848aceea34e6e9a7f6daaf2b11563e83e67fce6f910a80020d884b4
                                                                                                                                                                                                                                              • Instruction ID: 1736f1714f35b15c64bc21bc0f0d34fc4074831597c678f780634ac104cb2854
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f3e6a6de4848aceea34e6e9a7f6daaf2b11563e83e67fce6f910a80020d884b4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1FA1AAF3F2112147F3944878CD583A26683D7A5311F2F82788F58ABBC9D87E9D0A5388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 46b606609e3cbdee3680f075ead0aa3063c76a49456c1d4c88b819e3c8a217ed
                                                                                                                                                                                                                                              • Instruction ID: 2c7b10ba2ad6a620a1d2a9ffc447509a98caa2081174fdeba9a2da92ee65377d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 46b606609e3cbdee3680f075ead0aa3063c76a49456c1d4c88b819e3c8a217ed
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 55A1CFF3F5122547F3844839DD993622683EBE5314F2F82398B589B7C5EC7E9D0A5288
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: f3d5ea24c5c7935dd53c85f58933445af5841ffaefa8e76193cbd895c27093af
                                                                                                                                                                                                                                              • Instruction ID: 878a8aab4530a976c0a9ab03ced043e9dabf8d54b14d0fa434f7145b1534b8a0
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f3d5ea24c5c7935dd53c85f58933445af5841ffaefa8e76193cbd895c27093af
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5491ACF3F1152587F3584D28CC983A26283DB95324F2F82788FA9AB7C5D93E4D095384
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: a52f412fd75b3e54abe37b459cc379afe7e4456b07119d6b81ea169092049afe
                                                                                                                                                                                                                                              • Instruction ID: cc8e7ececf7f9452afd69e151d8f6440b65e049f8e8472ba64253652abfb64a3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a52f412fd75b3e54abe37b459cc379afe7e4456b07119d6b81ea169092049afe
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3EA17DB3F1122587F3584929CC583627683DBD5320F2F42798B59AB7C1DD7EAD0A5388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 343e74cf9801bbd23005d148faecb259f897fe7b016dfa1a43c8cabef31f67e8
                                                                                                                                                                                                                                              • Instruction ID: 012a350539d13cac6e11dd964747a2da4a4d5bda39e6eabd8c32047f8beceffa
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 343e74cf9801bbd23005d148faecb259f897fe7b016dfa1a43c8cabef31f67e8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3F919CB3F1022147F3584D29CC593627682DB95324F2F82788F9DABBC4D97E9D0A5388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 63c876f98f27970b46a0208814bcc992f35efd8b2b62caba71fd1371782eedbe
                                                                                                                                                                                                                                              • Instruction ID: 28919604deea2e70d8f105d3e095d80172ee62a97dcbbbbdb753ad10881dad6b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 63c876f98f27970b46a0208814bcc992f35efd8b2b62caba71fd1371782eedbe
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 79918CF3F115254BF3444969CC483A2A693DBD5311F2F82788F08ABBC5E97E9D4A5388
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: f137dfe70d8469f51a9d12e0ff83a8588a75b968acfce323ffac62db84d5ce96
                                                                                                                                                                                                                                              • Instruction ID: 9075ed4aa2e2bcf5f38a852ac6fd429ec90cc79ab36a33ca2735c1e946e85d7c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f137dfe70d8469f51a9d12e0ff83a8588a75b968acfce323ffac62db84d5ce96
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA9147B3F1112587F3544A28CC983A1B693DBD5320F2F42798F5C6B7C4D97EAD1A9288
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 4d39f088267d806acc1da3762ee24cf999727ae66c6028cae378e6f338dc4b53
                                                                                                                                                                                                                                              • Instruction ID: 9bf9515c15c9dac9a1efe4165d0bf0564a0f3dd3e7d8671fbbfe3a39ce6ca8bb
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4d39f088267d806acc1da3762ee24cf999727ae66c6028cae378e6f338dc4b53
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD918BF3F1162547F3484939CC683A27283DBD5324F2F82798B59AB7C5E97E9C0A5284
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 8f8968cbaf852d88e32c42e9bc854979a4144b2ab3045512b9fc030ee0cd246a
                                                                                                                                                                                                                                              • Instruction ID: 36ea8cc49b67e9370b1e6e836b18e281ca28dcc1887fed1a194640f35b7efec3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8f8968cbaf852d88e32c42e9bc854979a4144b2ab3045512b9fc030ee0cd246a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 35919FF3F502254BF3444978CD993A26683DBE5311F2F82788E4CABBC5D8BE9D495284
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: afbe82662d40bb315043f1b8d68b4cf512118b4162b472cc31d0bbfc73118f4a
                                                                                                                                                                                                                                              • Instruction ID: 441780dd4ca6833a2cbd2194f3c1bbeb8d8c8891d33cded470dcf04fa123b688
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: afbe82662d40bb315043f1b8d68b4cf512118b4162b472cc31d0bbfc73118f4a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22916AB3F5162547F7984839CDA93A66182AB90320F2F427C8F9DAB7C1DC7E5D095284
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: b18a1d95e12775f7c95e4cbbfd2255f3af6d3b22202a71c37d147694b2a1151d
                                                                                                                                                                                                                                              • Instruction ID: c6e67e4cb879eb52b5ba4f818a0d2614867d2ed1925c94e356f3ab93d5befeed
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b18a1d95e12775f7c95e4cbbfd2255f3af6d3b22202a71c37d147694b2a1151d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E49169F3F2122547F3484878CC583626643A7E5325F2F82788F58AB7C5E97E9D0A52C8
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: c63410de68d40f2cb49ef2c9ad832811a066b046be822e6d4d73a16baec8a8c5
                                                                                                                                                                                                                                              • Instruction ID: 7e3d118367945c07bf244297f0fa56d71ca93927f3871a6a5d5adecd74cf1a97
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c63410de68d40f2cb49ef2c9ad832811a066b046be822e6d4d73a16baec8a8c5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD918EF3F111254BF3544938CC583A26683ABE5314F2F82788E996BBC9DC7E5D4A5384
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 7f93d0cd0aa9115fba255619f9ad60dd86b86f470526ee90a2fe93c898b29141
                                                                                                                                                                                                                                              • Instruction ID: 27dc553e6b562e3127c71cb9d30cbeb773129e428c54a706e5bdd5169d6280e0
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f93d0cd0aa9115fba255619f9ad60dd86b86f470526ee90a2fe93c898b29141
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3191ADF3F2062447F3484D68CCA83A56682DBA5311F2F823C8F59AB7C5D97E9D095388
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 84e3eab613a72da5a22de3880a21b957d31c1d14713d36c440ad6091d0edcfb5
                                                                                                                                                                                                                                              • Instruction ID: ff39936d3d797f911d3155057fe00d4cad148bbf757ddaa3b9432b58b2fc78dd
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 84e3eab613a72da5a22de3880a21b957d31c1d14713d36c440ad6091d0edcfb5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 50917EF3F5162547F3884829DC983A66183DBE4324F2F81788F59AB7C6D87E9D0A5384
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: c9d6ad7ea8d181bd52171b1d44a1fea1f054926fe7a41da43daff90e05779b52
                                                                                                                                                                                                                                              • Instruction ID: ce50cac98e897c80df5485fb5dc6d38e60fc2a0d328582a30e4c9782980deb5a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c9d6ad7ea8d181bd52171b1d44a1fea1f054926fe7a41da43daff90e05779b52
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DC916DB3F512258BF3544D69CC983A26693DBD4324F2F82788F886B7C9D97E5C0A5384
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: ae012d6a2ebe4576c7ff3030af1bd4600ae7eebf9294db43920401b4d8a20cb8
                                                                                                                                                                                                                                              • Instruction ID: 6181dda416f80ba5c16ac5d851eff53a3734627780cb11ad0d5015af4be37cb7
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ae012d6a2ebe4576c7ff3030af1bd4600ae7eebf9294db43920401b4d8a20cb8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9E91ADB3F112254BF3444928CCA83A27683DBD5314F2F82788B596B7C5DD7E5D0A9388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 329b09ffbfcffed4cdfe4ab13e7f06093ab6f26621872c28cf6aab59a8954751
                                                                                                                                                                                                                                              • Instruction ID: b959cdb4fc20bd1a174a315c3d897df7d5608dad872d30b7c57aa9adc98b5952
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 329b09ffbfcffed4cdfe4ab13e7f06093ab6f26621872c28cf6aab59a8954751
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E5917BF3F111254BF3144D29DC483627693EBE5311F2F81388A48ABBC9E97E9D0A5388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: d97ca5d7c8e94780c22d68a8675f35110f15218d2f72d091b09d47dbbb6d28f1
                                                                                                                                                                                                                                              • Instruction ID: 9b6f9645ee432d3760c4d25227d574403bfcedb2bb8e54b38087b05159749fcc
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d97ca5d7c8e94780c22d68a8675f35110f15218d2f72d091b09d47dbbb6d28f1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C29128B3F1022547F3544D29CCA83A262839BA5724F2F42788F9D6BBC5E97E5D0653C4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: be12773219313b725ce8f57d9c9fe0d7fb533ff88f6a67a94a32fdaab352075c
                                                                                                                                                                                                                                              • Instruction ID: 9c677bdacbf21e45d18037861302f919cb0df3a48712566f883737b90ac90d53
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: be12773219313b725ce8f57d9c9fe0d7fb533ff88f6a67a94a32fdaab352075c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 789189B3F116254BF3544D28CC983A27683AB95320F2F82788F4C6B7C5E97E9D095388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 7ab8731f84b3bee6acad6af6d30fd2cc05a3bcd699493c2ffcb3e8091631675c
                                                                                                                                                                                                                                              • Instruction ID: 4eb00af9ec24ca98ec915878dd67e98a494eebba2cfef0d3d61b3a115858d4d5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7ab8731f84b3bee6acad6af6d30fd2cc05a3bcd699493c2ffcb3e8091631675c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7E918CF7F6162547F3804974CC983926283D7E5320F2F82788B58AB7C9E97E9C0A5384
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: ffd22443cbb72973ae82b74021a11b64038939e3b1f68daa3dd664aae5ee4b44
                                                                                                                                                                                                                                              • Instruction ID: 00b4e242fe775ff4d1a0d6a48258790af960a34d891c802c4ba334511fca0750
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ffd22443cbb72973ae82b74021a11b64038939e3b1f68daa3dd664aae5ee4b44
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 38816DF3F2162547F3444979CD983A26283EBD4310F2F81788B499B7CAD97E9D0A5384
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 424b5e04442c0073c8e0fb6c1b5dfbfb73da086440274d1ce5a9d587e1a90cc6
                                                                                                                                                                                                                                              • Instruction ID: f0be196a0da99b550653468014ad5c6561d233e4a42722a2663cce423a719b69
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 424b5e04442c0073c8e0fb6c1b5dfbfb73da086440274d1ce5a9d587e1a90cc6
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9A81AFF3F5052547F3544D69CC983A1A283ABE5320F2F42788E5C9B7C5E97E9D0A5384
Memory Dump Source
• Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 7c332b4ebb88924ab5706d265292ae02a5592f17c38163490675bb1c1ae042d3
                                                                                                                                                                                                                                              • Instruction ID: e7c8f517d22633c8742e497e90f0ebee18d37d5f8302305b8d9d85d4a398df6a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c332b4ebb88924ab5706d265292ae02a5592f17c38163490675bb1c1ae042d3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AC8189F7F5152587F3400968DC983A2A6839BA1324F2F82388F5C6B7C6E97E5C0A53C4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: c24504d18c86012701eff8fbb0c598fb367e992cacf40d82ba33f504fbd5af69
                                                                                                                                                                                                                                              • Instruction ID: 463f68214d621881ad3b3035d14d223f3146224049e12db04cdcc7dadfff1a3c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c24504d18c86012701eff8fbb0c598fb367e992cacf40d82ba33f504fbd5af69
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3E917DB3F5122547F3504D29CC483526693EBE5324F2F82788F98ABBC9D97E9D095388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: fb4a434c219d2e39b954c191025e5d4a9e7fdae5770241247d81ea3ab0ff935e
                                                                                                                                                                                                                                              • Instruction ID: 5ca0dcb8cfe6e6f29f0abaaba4cfc4ebf1e279aabdea11f1d8370dfb70c8806c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fb4a434c219d2e39b954c191025e5d4a9e7fdae5770241247d81ea3ab0ff935e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F5818BB3E1112587F3544E29CC583A176939BD4324F3F82788F586B7C8D97EAD1A9388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 57a96c6f7e32363cda66912961b5c0ed3eeb790bfce60d203496a187299bb200
                                                                                                                                                                                                                                              • Instruction ID: 979f8422c7e2abff51754de773c780ec6209ba8a62e75356df74bf82c02e2e97
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 57a96c6f7e32363cda66912961b5c0ed3eeb790bfce60d203496a187299bb200
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C814BB7F5122647F3544978CC683A26583DBA0324F2F82788E4C6BBC9E87E5C4A5284
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: ce885b56cf3e0f90e9fd0e2b03b21261f436d1c87f9bf57eb87adf6162da7d1f
                                                                                                                                                                                                                                              • Instruction ID: db22e1c7268c240629ee2362f00f8555381809a93992a21babce713842296f98
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce885b56cf3e0f90e9fd0e2b03b21261f436d1c87f9bf57eb87adf6162da7d1f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 63816AF7F1162587F3504964CC983A26283EBA5321F2F82788F5C6B7C5D97E9D0A5388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: f73edd06bbbe5853a39bc9372f6063b68727707fb30f9c2740f9b7cbaae19669
                                                                                                                                                                                                                                              • Instruction ID: 91805cce82d7c27c20254e7b5522b8758a6955db100146b40b6ae6fadcfdb505
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f73edd06bbbe5853a39bc9372f6063b68727707fb30f9c2740f9b7cbaae19669
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E08157B3F111258BF3584928CCA83A16683ABD5320F3F82798B9D9B7C5DD7E5D0A5384
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: f5023626b5414aafd95656729092079686d5985426652727e40b2ede268ffbab
                                                                                                                                                                                                                                              • Instruction ID: 72743d49e557c4ff3801f2a8e4beaf80d893e45e860321fc30366ea6d97c6494
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f5023626b5414aafd95656729092079686d5985426652727e40b2ede268ffbab
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 418179B7F5122547F3544879DC983A26283ABD5314F2F82788F886B7C6ED7E5C0A5288
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 9ec3ffb4021f782b446181a895bbeeadfe6906936056c81035cd1efdb9c5e33e
                                                                                                                                                                                                                                              • Instruction ID: 99773f699d8d54be9fb0456f527f64f75d8b50f8c7353ea7801c7be4c8d4ac49
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9ec3ffb4021f782b446181a895bbeeadfe6906936056c81035cd1efdb9c5e33e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C816AF7F112254BF3544D29CD483A266839BE5324F2F82788E9C2B7C5D97E5D0A5388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 426d4d24dc5cad0ca92d25d8d8828e7fae6421e63757b321fc6e1f1b87bcc3ee
                                                                                                                                                                                                                                              • Instruction ID: 77711bba13015044348bcec9c85f2ff0f52df97c51efa19bca8c238eab61b786
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 426d4d24dc5cad0ca92d25d8d8828e7fae6421e63757b321fc6e1f1b87bcc3ee
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F5819EF3F112244BF3944D29CC983627693EB99310F2F82798F58AB7D5D97E5C0A5288
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
Memory Dump Source
• Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 14c4730bd625537a5ade386b4df012743399ca2dd9d19e7d9d28822e560c6893
                                                                                                                                                                                                                                              • Instruction ID: d1a3488669a7b4e2b7566316f8fb2f22231deb726bdcdc389e7637e77c59c465
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 14c4730bd625537a5ade386b4df012743399ca2dd9d19e7d9d28822e560c6893
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 32817CF3E1163547F3544978CC983A2A692ABA0324F2F82788F9C7B7C5E97E5D0952C4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 5139bbd09fa9c6b627e6fa47dd66b22763c08ffffc8dac81664a966e34aa818f
                                                                                                                                                                                                                                              • Instruction ID: d1e7bd543799ad01cdb20ed5e5088f64c0a215a8350d48e86eb44cd6ce92bb99
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5139bbd09fa9c6b627e6fa47dd66b22763c08ffffc8dac81664a966e34aa818f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 64815DB3F102258BF3544E29CC983627693DBA5320F2F42788E9C6B7C5D97E9D055788
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 74d77f93bfcacf0bae00a0744752d92d732aa41848b1ccc6f68b9d3335fa98b5
                                                                                                                                                                                                                                              • Instruction ID: daa037cb7834de049de2e99238b1e5711373180a832732a96dfc300b65b88de7
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 74d77f93bfcacf0bae00a0744752d92d732aa41848b1ccc6f68b9d3335fa98b5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 53819CB3F506244BF3484929CCA83A26583DBD5320F2F827D8B5E5B7C5DCBE5C0A5284
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
Memory Dump Source
• Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 0c8868eb74a54dbc42b89993062847f3d3bb841e5ef1dc238789b0a8a613adb4
                                                                                                                                                                                                                                              • Instruction ID: 05777e0569c7d66519b6135abf4fb61a11abb04d1d39df36f6613f88a9a61161
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0c8868eb74a54dbc42b89993062847f3d3bb841e5ef1dc238789b0a8a613adb4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 658176B3F112254BF3580929CC583A26283ABD1714F2F82798B496B7C9DD7E5C0A5388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 8d8f3881833c291cbc78e634e97654074952a4ba898f6d2cadfebdb63bc90b42
                                                                                                                                                                                                                                              • Instruction ID: 48ae7037a88d92beccec2e22e49540d393bffdc5f7792f17db11059325035ab4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8d8f3881833c291cbc78e634e97654074952a4ba898f6d2cadfebdb63bc90b42
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3D81BDB3E102258BF3640D68CD983A27693EB95310F2F82798F9C6B7C4D97E5D099384
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 9d82e9a9cf5e6f9a5a6839f8a07cfe62f254dc14887437c24223cf7f16e872f5
                                                                                                                                                                                                                                              • Instruction ID: 151df26dc06040789db97643ff739e4f6b88124baefcd5fbaf9f5584eb2400df
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9d82e9a9cf5e6f9a5a6839f8a07cfe62f254dc14887437c24223cf7f16e872f5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 878168B3F1121687F3444E29CC983A17693EBD5310F2F81788B495B7C5E97EAD1A9388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 8303f923fb28d20222f6cc2ef9a40455d12ef6419199de1e2dd2963df10a4713
                                                                                                                                                                                                                                              • Instruction ID: 422a4a5ac8ed0bff55f6907c6da4e6f6c7923afdc3fcdbf2624a3892e0706a1c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8303f923fb28d20222f6cc2ef9a40455d12ef6419199de1e2dd2963df10a4713
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BD7155F7F1162547F3484868CDA83626582DBD4314F2F82788F9DAB7C9E87E9D0A5384
Memory Dump Source
• Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • Opcode ID: 70df4af0560f88ae4448fe49ebefc684ee3125b7ceef4db933d97324f1a616ef
                                                                                                                                                                                                                                              • Instruction ID: 620bf9ab37ab8a4271f50e999f4188c2f9a4327f0e8a3f70b09f34b5a8292682
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 70df4af0560f88ae4448fe49ebefc684ee3125b7ceef4db933d97324f1a616ef
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C7718CB3F1022587F3584D29CC683A17683EB95324F2E827D8B599B7C5DD3E5C099388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • Opcode ID: a63e4845272e9f90e01bfaaa6b94accde1fa56b2cb00b45bda24409202c57bb7
                                                                                                                                                                                                                                              • Instruction ID: a23bbc43d59f1d3abcd9084ee0f192d2c26482905744a91ed4387300c00bd858
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a63e4845272e9f90e01bfaaa6b94accde1fa56b2cb00b45bda24409202c57bb7
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 48718CB3F116248BF3544D39CC583A27692DB95320F2F82788F896B7C9D97E5D099388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • Opcode ID: 0cbb7248bce143f0dc402ae56790571134c0860229b7ce706ccd6e35277f5f7b
                                                                                                                                                                                                                                              • Instruction ID: 75aada162099454036ba0a9a9671ceaa17df1de2bedb5cc7e3cd710b54ea071b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0cbb7248bce143f0dc402ae56790571134c0860229b7ce706ccd6e35277f5f7b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CB715AF3F215258BF3944D28CC583A27652DBA5320F2F42788F586B7C5E93E5D0962C8
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • Opcode ID: 12298d1c4b197172de79201e6d44973d8fb15b133d632544a5cb89eb6978bcff
                                                                                                                                                                                                                                              • Instruction ID: e6ac4e7ffe0840ddb2e80e102494377c2d0e27e61700b2fcbde1ec2000590387
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 12298d1c4b197172de79201e6d44973d8fb15b133d632544a5cb89eb6978bcff
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E9717EF3F5162587F3944D25CC953A2B282DB94314F2F81798F48AB7C5D97E6C0A5288
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 043912b3dd53af7571f9f8b21467fcf9d1d29838b82156c2edb3e5f61def6499
                                                                                                                                                                                                                                              • Instruction ID: 2784b3d8061505666ed982f514628a59a6f201fce6aadb80e90a49790d8a8095
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 043912b3dd53af7571f9f8b21467fcf9d1d29838b82156c2edb3e5f61def6499
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8A717BF3E5122547F3544D69DC983A266839B94324F3F82788F9C6B3C0E97E9D099384
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: f5eed5af2208b3cf3785dc0f22db25e0567ac02f88e6ad55fd2ee2127ad2da6a
                                                                                                                                                                                                                                              • Instruction ID: 3d0b2d0b850da80c8d22b1c2f158b0da325471b68f8b173ba8974a4f3ae8fe7d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f5eed5af2208b3cf3785dc0f22db25e0567ac02f88e6ad55fd2ee2127ad2da6a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D5719FB3E102258BF3640D69DC983A27692DB55320F2F42B98F986B7C5D97E5C0593C8
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: c97a989a71198969533dfff16aa675a2ef9b2a7585569b3b4aead6febc8c6113
                                                                                                                                                                                                                                              • Instruction ID: ed19a5127b2a7d9f092cafcf67bba9f772739231807936dc61405a108472ed29
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c97a989a71198969533dfff16aa675a2ef9b2a7585569b3b4aead6febc8c6113
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 66717BB3F116254BF3444D28CC983A27683DB99314F2F81788F59AB7C5D87EAD495384
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 3dabca4c1abce25ae51d04bb0fc17aa38eaf4fad95da715d3ecd25d6a584f8e9
                                                                                                                                                                                                                                              • Instruction ID: 097df4c660d3950e91b25d918db2b11e095113b3105cb335f3c15832ad779486
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3dabca4c1abce25ae51d04bb0fc17aa38eaf4fad95da715d3ecd25d6a584f8e9
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FE719BB3F102258BF3544928CD583A26683DBD5310F2F82788F586B7C9C87EAD4A53C8
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 7aa5c0fc1901f57c4a3e2e8b4120d1904c1e081de80360d4ff5b4b836d8eb2e7
                                                                                                                                                                                                                                              • Instruction ID: 50a7c070a1d5024a0c3e006757c84fa1f965e1332d00b28cf289a3b0a3361e05
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7aa5c0fc1901f57c4a3e2e8b4120d1904c1e081de80360d4ff5b4b836d8eb2e7
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B6717AF3F1022487F3544928CC983616293DBD5325F2F82788F986B7D9E97E5D0A5288
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: f43362579d236dbac72b1d07b2e370efce9e4467d2e8bfa8f41d9fa06bb1053a
                                                                                                                                                                                                                                              • Instruction ID: 18669d1f5b220e45343bad1718e7af34e54332ba1f4336b8c89cd5566bb7e1b3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f43362579d236dbac72b1d07b2e370efce9e4467d2e8bfa8f41d9fa06bb1053a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AD61A0F7F016258BF3044D78CC983A26642D795311F2F82789F686BBC9D97E9D095388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: a161a3e4abd2a046c913ee67716405fd6bcfd6e1183271b64da2459d329a7b97
                                                                                                                                                                                                                                              • Instruction ID: 46bd88485535b2361a2fec7e1353ac26775b5bc9db3a5a972536b58f544a867b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a161a3e4abd2a046c913ee67716405fd6bcfd6e1183271b64da2459d329a7b97
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 576146F3F1122587F3544A29DC943A16293DBA5324F2F41788E9CAB3C1E97E6C569388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 1194069ef329c0f0fd82a19731a18020592d127db8301db785d13545b2d99f42
                                                                                                                                                                                                                                              • Instruction ID: a7080d06e17d42af6e17f0c37e4ea26b6f7b6b0de515894e96b76fe7fced2d7d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1194069ef329c0f0fd82a19731a18020592d127db8301db785d13545b2d99f42
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 916180B3F606254BF3984978DC893A27683DB95310F2F81788F48AB7D0D97E5D095388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: bdf5dc413c5a79c5271d5f05d0599cf1ff1aaa01db4a64b6596c8d3b6c74fdc4
                                                                                                                                                                                                                                              • Instruction ID: dc326dec8919ca2c41b733db2e55f93ff59acd96515aeaabd7684ea97f150954
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bdf5dc413c5a79c5271d5f05d0599cf1ff1aaa01db4a64b6596c8d3b6c74fdc4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 01619CB3F101254BF358893ACC583A27683DBA5310F2F82798F99AB7C5D87E5C0A5384
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 1165779dc3e0567163e66f273bc4e42566fc2fb4097520384bc4520ff40b9b79
                                                                                                                                                                                                                                              • Instruction ID: 08a12ce1ba3bf7ce3d079d9d615b8c08133d3321ee306b4c5d57e56fda22d9c8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1165779dc3e0567163e66f273bc4e42566fc2fb4097520384bc4520ff40b9b79
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5951ABB3F1112587F3548E29CC983A17293DBD5310F2F82798F496B7C5E97E6D099288
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 2b9880146afbc5461f1c1fc512236b3466cd9e77485b37f2a380e9708b2d32b0
                                                                                                                                                                                                                                              • Instruction ID: c70e7c47c9fdef1d629a734d13cb9d9755531f543cb32e0f5b85c157f4bf25e2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2b9880146afbc5461f1c1fc512236b3466cd9e77485b37f2a380e9708b2d32b0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E55167B7F112258BF3544929CC983A12683DBD4320F2F82798F8C6B7C5D97E5D0A5388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: e3cfa81591398128de15b33cb2d089abe18c52557f92503e4fd1d1723d535df0
                                                                                                                                                                                                                                              • Instruction ID: 2a4d7a22e4883caba9545d985ab39d89f4f4f795d8742ec87792be760c3af5ce
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e3cfa81591398128de15b33cb2d089abe18c52557f92503e4fd1d1723d535df0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7F513BF3F5122487F3584929CC983A27293DBA0311F2F81788F49AB7C5D97E9D0A5788
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmp
• Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 0877c7d998755f971a0c5b1374ce9ac1763e9db12fc6e303c16505294c7620ad
                                                                                                                                                                                                                                              • Instruction ID: 48999031a48570a19530c5243c385c270f4705e3114a3aea9b9955276a7eb702
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0877c7d998755f971a0c5b1374ce9ac1763e9db12fc6e303c16505294c7620ad
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E516BF3F1112487F7448928CCA83652293DB95325F2E827C8F596B7C9E93E5D099388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 9a3152d14deffabbd293991707cc4fc11116a5d84551f01ef59b9ccf120f1cb8
                                                                                                                                                                                                                                              • Instruction ID: 3fd1e66d44e0d1f7bd67e700d4cd6f20dae9281d4e11043785566f82bb467594
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9a3152d14deffabbd293991707cc4fc11116a5d84551f01ef59b9ccf120f1cb8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 72516DB7F1112587F7544D28CC583617293EBA5310F2F81798F886B7C9D93E9D0A9784
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 1c96a4522967a5bc9edc4ffd7db1fedc3acc6f520ed09dc9a22589dab254904d
                                                                                                                                                                                                                                              • Instruction ID: f19b53624732eb6349f18c8491fd03b7fb973dd2e3d9930844a00e2fe93299bc
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1c96a4522967a5bc9edc4ffd7db1fedc3acc6f520ed09dc9a22589dab254904d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5A5129B3E121258BF3944A25CC583A27293EBD5311F3F81798E486B7C4E93E6D1A5388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: fbd419ed287bf0d37a3da33207f32231b75a84b8e2c6e07b8e51659aee51f343
                                                                                                                                                                                                                                              • Instruction ID: 311a9e960ca542c6913c577e3932b60f867c57b49b6cfebc16e5a7fa7db6307b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fbd419ed287bf0d37a3da33207f32231b75a84b8e2c6e07b8e51659aee51f343
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 77515DB7F102248BF3544E29CC943617392EB95714F2F41BD8E986B7C4DA3E6D499388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • Opcode ID: e9775c771f1aed8e36691eb1b0350657a2e9ef0de281965179a43b85161b3557
                                                                                                                                                                                                                                              • Instruction ID: 487177995dbce93f8f166a1a72a264cd83cd8c28e1b5e75502bd533bf336750c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e9775c771f1aed8e36691eb1b0350657a2e9ef0de281965179a43b85161b3557
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CE5189F3F1112587F3944928CC593A27683DBD5314F2F82788F49AB7C5D97E9D0A5288
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • Opcode ID: a1169179fe25acfda065990ffe8e8f42fbe0b6d0c7404039602206d9070d5d1b
                                                                                                                                                                                                                                              • Instruction ID: 8c049bfa7faf1b54b9fdb453716e4ae49879ffb3cf06569a9d0abfc174979ce1
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a1169179fe25acfda065990ffe8e8f42fbe0b6d0c7404039602206d9070d5d1b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C8515BF3F1162587F3984D28CC983627682EBA5314F2F827D8F58A77C5D97E5C095288
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • Opcode ID: e1800c9433a1cef89b11c13cad004c82832dc3d6f3ea61492ad78f59349a8770
                                                                                                                                                                                                                                              • Instruction ID: d2c45907b4f7f4140c7ac83f84e78ad4dc46aa2233269390b17645f9d5a9bf67
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e1800c9433a1cef89b11c13cad004c82832dc3d6f3ea61492ad78f59349a8770
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 25516CB3F115254BF3448924CC583A2B693EBD4324F2F82798F58AB7C5DD3E9D0A5288
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • Opcode ID: 2ff6594655d5a497ae9d9f045f0fea16872defdf4adb6201b5064c81e67e6af4
                                                                                                                                                                                                                                              • Instruction ID: 8e94b7407aa280368fa895bd732f74be227bbabaa970e6388fde82decdf1be5f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2ff6594655d5a497ae9d9f045f0fea16872defdf4adb6201b5064c81e67e6af4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 335136B3E082284BF3186968DC543B676DA9B94320F2B423DDF9897BC4E97D1D0942C9
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: e2d71748e71a9b61d13203d9ea7fbcf1933945b7c4918d9c7b41240f4e9e8eb7
                                                                                                                                                                                                                                              • Instruction ID: 59cf29edc639e05b9a346f07af64f1ad2e05609a90d258b4a97c4a4c4af194cc
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e2d71748e71a9b61d13203d9ea7fbcf1933945b7c4918d9c7b41240f4e9e8eb7
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD418CF3E1122187F3544938CC583627652EB95314F2F8278CF486B7C5D97E6D0A9388
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 19fca239a39b2f2385f423305bce76c481e735504f56579af72bbc81dd5d3306
                                                                                                                                                                                                                                              • Instruction ID: a44d63233a8ce8da1af63ed16bfefe71fefa961abe0db755a0c9f504e8c2f56a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 19fca239a39b2f2385f423305bce76c481e735504f56579af72bbc81dd5d3306
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA418BB3F516248BF3454929CC983A26283DBE5310F2F8175CB585B7C9E87D9C0A9288
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: e89af9c2fe304a872b0886517188b825588b3cbfb6ced10a15170b4c22326917
                                                                                                                                                                                                                                              • Instruction ID: 801a8e3dcf8f560cebcd5c69af32e24fbd920c738f5b4498376a9963388535e6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e89af9c2fe304a872b0886517188b825588b3cbfb6ced10a15170b4c22326917
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3E41A0F7F116248BF3804925DC883617252EBE5315F2F82788F586BBC9D97E6D0A5288
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 5f227eed6955045936a4d569a920f5cfdd141850ebf4839cebcd409fbd21d377
                                                                                                                                                                                                                                              • Instruction ID: 862b19d5401e2a614bbd584dea568d3835fb2b36e44ac35d97fa06803db9aa07
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5f227eed6955045936a4d569a920f5cfdd141850ebf4839cebcd409fbd21d377
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1B3168B7F6163647F3904879DD883A265839BD4324F2F82748E9C6BBC6D87E4D0A12C4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: ec8f1bc35cb69bfc9b390e9bfee6fca4fd9ca955b15f3abe43e0e62a9c197501
                                                                                                                                                                                                                                              • Instruction ID: 7bd3dab11c4f47691dc76c786f950e9dcfd64704de02e94aab24391ace86162e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ec8f1bc35cb69bfc9b390e9bfee6fca4fd9ca955b15f3abe43e0e62a9c197501
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F1314CF3F116204BF3548879DC98365658397D8324F2F42798F2DA77D1D8BE5D0A5288
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: ee1061c62eb2ebf7f5cac79b592976a98898bd052204f4f74a0e227ac3aa3657
                                                                                                                                                                                                                                              • Instruction ID: b57739e3011982fb48b457d41eab78d4bb1b74fa2f62d801926637a839fd9d5d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ee1061c62eb2ebf7f5cac79b592976a98898bd052204f4f74a0e227ac3aa3657
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 643112A7F5112107F7584879DE6D36258839BE4324F2F82398F5DABBC9DC7E4C094288
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 27a84054e670ee5db6e3bbbcd2c23b406f1c9a9d6726125214026919b2989932
                                                                                                                                                                                                                                              • Instruction ID: 44affb66b497e5075325c6a2d89cc909c41bf7228e392d958b9b37f85f69f39c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 27a84054e670ee5db6e3bbbcd2c23b406f1c9a9d6726125214026919b2989932
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2D313CF3F2142007F7584878CD68369548397E4325F2F82798E9D67BC5DC7E4D0A4284
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 0c0cc2ee900ada61e7ce924e7fc3734915672927a1bbaabdc701b5133b2cd8e0
                                                                                                                                                                                                                                              • Instruction ID: 0624da5d8db73cbdc943100df8d3881e0363be81c3ce3e925e94a507c1ea6954
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0c0cc2ee900ada61e7ce924e7fc3734915672927a1bbaabdc701b5133b2cd8e0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4A319CF3F115210BF7588838CD98366658397A5320F2F83798F1DABBC5E83E4D0A0284
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382462513.0000000000100000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382521514.0000000000143000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382653586.0000000000152000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000002D7000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003B4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003DC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003E4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1382713792.00000000003F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384260049.00000000003F3000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384389119.000000000058A000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000005.00000002.1384411681.000000000058B000.00000080.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 9cf19118d300b9736df6cfdf390e618921d85d634b937947923b4962d94dbff0
                                                                                                                                                                                                                                              • Instruction ID: 289b1354b382d0e5d0f0a477041af3347932a13e428e20e6167563862d0d1504
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9cf19118d300b9736df6cfdf390e618921d85d634b937947923b4962d94dbff0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CA315AF3F1142547F798482ACC253A651839BE5320F3F82798BAD6B7C5EC7E5C0A1284
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: f53605d5237947c5c64bddae12325a09008ce61337a371e7ab2574f424f9dff8
                                                                                                                                                                                                                                              • Instruction ID: db7a159f63582dea42e30f4391474ef13e00a199dc6fb7e0d4490b84fd844d3f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f53605d5237947c5c64bddae12325a09008ce61337a371e7ab2574f424f9dff8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 753116F7F5062647F3584878DC69366658297D4314F2F42388F1DAB7C6D87E4D0652C8
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 5588baa9d66bab782a397346ed4d26f2ef5d99b6ed5c4cd740358945f04b7415
                                                                                                                                                                                                                                              • Instruction ID: 48c7ba9e27c182cf5f9c4967fad0f8b2a15916f9900c647adef01218ec2a33ab
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5588baa9d66bab782a397346ed4d26f2ef5d99b6ed5c4cd740358945f04b7415
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D43103E7E0162647F3984824DDA93622542C7A1325F2F82798F5E6B7C6D87E5D0A13C8
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: d5968d1ccd4f5916700db112d0406fbef35f001a9d9cd81eb617f4f0ffdf7505
                                                                                                                                                                                                                                              • Instruction ID: ec5a5ae69f35c8b63b440603df7d99d316ee3def3d415ee90375855b847f34f6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d5968d1ccd4f5916700db112d0406fbef35f001a9d9cd81eb617f4f0ffdf7505
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F121F332B083500BD718CE3998A117BFBE29BDA224F18C62DD4A697295CB34ED068A45
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 215e2b528e3b871e7f8cda844455d6cf4524f5f47a11751cd80a87fe55454def
                                                                                                                                                                                                                                              • Instruction ID: 850b9beb9e38d52be2aef3e551e149a14a25f117b72e5d8fe75f8e1cb6530899
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 215e2b528e3b871e7f8cda844455d6cf4524f5f47a11751cd80a87fe55454def
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A4312AE7F2162147F3944838DD693661583D7E4325F2F86794F9EA7BC6EC3D480A1288
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 6df5dc68e291eb184439b14051e46168478762d9a95854da0243b55bece44e5a
                                                                                                                                                                                                                                              • Instruction ID: 400c9cf67faa9f0922690fc3d970fb882dde3d553b4645f847afa5fdb3c754be
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6df5dc68e291eb184439b14051e46168478762d9a95854da0243b55bece44e5a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3B315EF3F1052547F7944839CD9936265839BD4324F2F82798B5CEB7C6D8BE9C0A5288
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 21fadccd787f3eed4dbd31c34602873522b5841fff1aa715ae353b2c6d1a2935
                                                                                                                                                                                                                                              • Instruction ID: c5553d5f37624f34e40efebbcef2189b215fe10e7a233809791f80d98172ec40
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 21fadccd787f3eed4dbd31c34602873522b5841fff1aa715ae353b2c6d1a2935
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D23148F3E2142147F3588825CC55362958397E5331F3F83395B38AB6C8DCBD8D1A5284
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: e1f0e2abc45dee7945ea4e61533c3a531feee7ddbccfa77583acf2d3f2e9fbc1
                                                                                                                                                                                                                                              • Instruction ID: 97780eb038b97f406ea330eea4d08844a24b070f7633c3a46d0ddcb89cfc888d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e1f0e2abc45dee7945ea4e61533c3a531feee7ddbccfa77583acf2d3f2e9fbc1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 173190F7F226258BF3440839CD183A2658387E9321F2F43398B68977C5EC7D9C061284
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 1108a4504902f3bad12a09bc18f11f77de0d106e99d6bc498ac9683444962303
                                                                                                                                                                                                                                              • Instruction ID: b5bc1c50748c0c1e84fa5c25e573aee68592952574d80a2981ba490a428f6cc4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1108a4504902f3bad12a09bc18f11f77de0d106e99d6bc498ac9683444962303
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 533130F7F516264BF36408A4DD9839265439794325F2F42348F5CB77C5D8BE8C4612C4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: c4c4fc1b8f069721eea5e7ebc52ce86e5a5dc2ffaa6da477aa5bf7c87a30b31f
                                                                                                                                                                                                                                              • Instruction ID: d064b41b56a5743a3eba13d0088f8a2fe6ccf35160ef5468eb8e7cc9f36e09b3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c4c4fc1b8f069721eea5e7ebc52ce86e5a5dc2ffaa6da477aa5bf7c87a30b31f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1E3116B3F1113547F394896ACC483626293A7D5321F2F82788A5CAB7C9DD3E9C0A57C4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 7bcc38841a7116e8c9286d4d115b3c6a3e04693d047cbae01dfd5ea8618f1203
                                                                                                                                                                                                                                              • Instruction ID: ffc7a9144c0a2068e7f01f0e68992a1fd188f3e7ce773e146831c1e34df2c8a2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7bcc38841a7116e8c9286d4d115b3c6a3e04693d047cbae01dfd5ea8618f1203
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D213EF3F5161547F394887ACD893222583D7D1720F3F82399B6897BC5EC7D480A5284
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: b45df8977cd5613dd0339f6a5dd4456e62bec791f994c1074cda7146a4ad1243
                                                                                                                                                                                                                                              • Instruction ID: 07d0330e878e421bfd69edf9cddd82c0214660c4e78376fefbd788455200f01e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b45df8977cd5613dd0339f6a5dd4456e62bec791f994c1074cda7146a4ad1243
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4F219DF3E6062247F3584875CD993626582CBA4320F2F82798F5CAB7C5DC7E4D0A12C4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: e8d6660ee950b3963cf4061b700c31245660d7a619a9ac69021da0713f26792d
                                                                                                                                                                                                                                              • Instruction ID: 45fecf915cea5db5fb8dee99b9c52a337ceea94f5eb857f1ecd52cce95071713
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e8d6660ee950b3963cf4061b700c31245660d7a619a9ac69021da0713f26792d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 97216DF7F215354BF3944838CD993A265838BD4324F2F82798E5CA7BC9D87E5D0A5284
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 9dd881de4098a4d33156e2fa301a9f956c502682141b3f1ac4ba79de9190cc18
                                                                                                                                                                                                                                              • Instruction ID: 90f4b6bf5efb61472fcba94ba278b7243a3a236e8165e42db7610ef923271b5d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9dd881de4098a4d33156e2fa301a9f956c502682141b3f1ac4ba79de9190cc18
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C6216DF3F5112647F3544828DDA83622583ABE8320F2F82398F5D5B7C5EC7D9D0A5284
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: b09a692e6842a44bb017100808afb989c54648aaa580a0c099b3a8a54bcfa166
                                                                                                                                                                                                                                              • Instruction ID: 7b6c586d4a8c55666394847f35a8a9235fa507aa4a13e5e766b73caa5063d4f0
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b09a692e6842a44bb017100808afb989c54648aaa580a0c099b3a8a54bcfa166
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4B213AF7F5023047F35848A9E898362A1828799725F1F81BD8F49BB3C1ECAE1C4953C4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                              • Instruction ID: 0df0beac35d9d30a4b98fd62d0f697447562a830002e00bb51ea465573a2d4ba
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A611A933A055D40EC31A8D3C8410575BFE31AA3A36F6983D9F4B89B2D7E7228DCA8355
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382713792.0000000000154000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 8e207c266a690b7deb376f43b67ba25a6aebec4d91d28e956843d877fe40e27a
                                                                                                                                                                                                                                              • Instruction ID: 9c3bdec3d5900b4307e64c87370c8813bccfe9c2f81a9da3c22329b5e1a97883
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8e207c266a690b7deb376f43b67ba25a6aebec4d91d28e956843d877fe40e27a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DE115EB540831EDFEB199FA8D0483EE77E0FB04312F61041DDCA086980D7B64DA8CB4A
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000005.00000002.1382521514.0000000000101000.00000040.00000001.01000000.00000004.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_100000_pJRiqnTih0.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: d1dccbf6e42ffb6d12ddce981f1388108e214066279227c8eacc1ba36af8f2cf
                                                                                                                                                                                                                                              • Instruction ID: b194d0cfb01ae4619133bee47c6ed13b2278a4629573d7bf71e244a3057917e9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d1dccbf6e42ffb6d12ddce981f1388108e214066279227c8eacc1ba36af8f2cf
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D8E0ED79C11100AFDE006B10FC0161CBAA2A763307F461061E40863636EF3254AAA755