Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
pTM2NWuTvC.exe

Overview

General Information

Sample name:pTM2NWuTvC.exe
renamed because original name is a hash value
Original sample name:6f19c240770b3501ef6870a9906a1c4d.exe
Analysis ID:1580920
MD5:6f19c240770b3501ef6870a9906a1c4d
SHA1:9157131784fe1b8695c599f4bab8b4971fd229be
SHA256:7947450d51447146e32fff1d85b02695a6359e4d704f314d3065e42f9b7bf82a
Tags:exeuser-abuse_ch
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • pTM2NWuTvC.exe (PID: 7912 cmdline: "C:\Users\user\Desktop\pTM2NWuTvC.exe" MD5: 6F19C240770B3501EF6870A9906A1C4D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["wordyfindy.lat", "observerfry.lat", "slipperyloo.lat", "talkynicer.lat", "bashfulacid.lat", "shapestickyr.lat", "tentabatte.lat", "curverpluch.lat", "manyrestro.lat"], "Build id": "PsFKDg--pablo"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-26T13:12:04.452276+010020283713Unknown Traffic192.168.2.1049704104.102.49.254443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-26T13:12:02.671614+010020584801Domain Observed Used for C2 Detected192.168.2.10586031.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-26T13:12:02.378557+010020584841Domain Observed Used for C2 Detected192.168.2.10615071.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-26T13:12:01.943987+010020584921Domain Observed Used for C2 Detected192.168.2.10502321.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-26T13:12:02.085302+010020585001Domain Observed Used for C2 Detected192.168.2.10558341.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-26T13:12:01.795472+010020585021Domain Observed Used for C2 Detected192.168.2.10571031.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-26T13:12:02.225740+010020585101Domain Observed Used for C2 Detected192.168.2.10577651.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-26T13:12:02.522258+010020585121Domain Observed Used for C2 Detected192.168.2.10571811.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-26T13:12:01.646288+010020585141Domain Observed Used for C2 Detected192.168.2.10562001.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-26T13:12:05.213624+010028586661Domain Observed Used for C2 Detected192.168.2.1049704104.102.49.254443TCP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: pTM2NWuTvC.exeAvira: detected
    Antivirus detection for URL or domain
    Source: https://bashfulacid.lat:443/apiAvira URL Cloud: Label: malware
    Source: https://talkynicer.lat/Avira URL Cloud: Label: malware
    Source: https://curverpluch.lat:443/apiAvira URL Cloud: Label: malware
    Source: https://slipperyloo.lat:443/apizAvira URL Cloud: Label: malware
    Source: https://tentabatte.lat:443/apiAvira URL Cloud: Label: malware
    Found malware configuration
    Source: pTM2NWuTvC.exe.7912.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["wordyfindy.lat", "observerfry.lat", "slipperyloo.lat", "talkynicer.lat", "bashfulacid.lat", "shapestickyr.lat", "tentabatte.lat", "curverpluch.lat", "manyrestro.lat"], "Build id": "PsFKDg--pablo"}
    Multi AV Scanner detection for submitted file
    Source: pTM2NWuTvC.exeReversingLabs: Detection: 65%
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Machine Learning detection for sample
    Source: pTM2NWuTvC.exeJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: 00000000.00000003.1287423389.0000000004ED0000.00000004.00001000.00020000.00000000.sdmpString decryptor: bashfulacid.lat
    Source: 00000000.00000003.1287423389.0000000004ED0000.00000004.00001000.00020000.00000000.sdmpString decryptor: tentabatte.lat
    Source: 00000000.00000003.1287423389.0000000004ED0000.00000004.00001000.00020000.00000000.sdmpString decryptor: curverpluch.lat
    Source: 00000000.00000003.1287423389.0000000004ED0000.00000004.00001000.00020000.00000000.sdmpString decryptor: talkynicer.lat
    Source: 00000000.00000003.1287423389.0000000004ED0000.00000004.00001000.00020000.00000000.sdmpString decryptor: shapestickyr.lat
    Source: 00000000.00000003.1287423389.0000000004ED0000.00000004.00001000.00020000.00000000.sdmpString decryptor: manyrestro.lat
    Source: 00000000.00000003.1287423389.0000000004ED0000.00000004.00001000.00020000.00000000.sdmpString decryptor: slipperyloo.lat
    Source: 00000000.00000003.1287423389.0000000004ED0000.00000004.00001000.00020000.00000000.sdmpString decryptor: wordyfindy.lat
    Source: 00000000.00000003.1287423389.0000000004ED0000.00000004.00001000.00020000.00000000.sdmpString decryptor: observerfry.lat
    Source: 00000000.00000003.1287423389.0000000004ED0000.00000004.00001000.00020000.00000000.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000003.1287423389.0000000004ED0000.00000004.00001000.00020000.00000000.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000000.00000003.1287423389.0000000004ED0000.00000004.00001000.00020000.00000000.sdmpString decryptor: - Screen Resoluton:
    Source: 00000000.00000003.1287423389.0000000004ED0000.00000004.00001000.00020000.00000000.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000000.00000003.1287423389.0000000004ED0000.00000004.00001000.00020000.00000000.sdmpString decryptor: Workgroup: -
    Source: 00000000.00000003.1287423389.0000000004ED0000.00000004.00001000.00020000.00000000.sdmpString decryptor: PsFKDg--pablo
    Source: pTM2NWuTvC.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.10:49704 version: TLS 1.2
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov edx, ebx0_2_00428600
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-16h]0_2_00461720
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_0044E0DA
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_0044C0E6
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_0044C09E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_0044C09E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov eax, dword ptr [00466130h]0_2_00438169
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h0_2_004481CC
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_00456210
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h0_2_00460340
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov ecx, eax0_2_0043C300
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h0_2_004483D8
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then movzx edx, byte ptr [eax+edi-74D5A7FEh]0_2_0044C465
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_0044C465
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h0_2_00448528
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov edi, ecx0_2_0044A5B6
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-16h]0_2_004606F0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov byte ptr [edi], al0_2_0044C850
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then push esi0_2_0042C805
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h0_2_00442830
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx+04h]0_2_0045C830
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov eax, ebx0_2_0043C8A0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax-000000BEh]0_2_0043C8A0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then movzx ebx, byte ptr [esp+edx+0Ah]0_2_0043C8A0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-2E3D7ACEh]0_2_0043C8A0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h0_2_004489E9
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], 385488F2h0_2_0045C990
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then cmp dword ptr [ecx+ebx*8], 385488F2h0_2_0045CA40
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then lea esi, dword ptr [eax+00000270h]0_2_00428A50
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_0044AAC0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+0Ah]0_2_0042AB40
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov edx, ecx0_2_00438B1B
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-6E2DD57Fh]0_2_0043EB80
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov edi, dword ptr [esi+30h]0_2_0042CC7A
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h0_2_00434CA0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-16h]0_2_00460D20
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov edx, ecx0_2_00446D2E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then movzx esi, byte ptr [ebp+eax-46h]0_2_0045EDC1
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh0_2_0045CDF0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx-3ECB279Fh]0_2_0045CDF0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh0_2_0045CDF0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 7F7BECC6h0_2_0045CDF0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov ecx, eax0_2_00442E6D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then jmp edx0_2_00442E6D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then movzx ecx, byte ptr [edx+eax]0_2_00442E6D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then movzx eax, byte ptr [ebp+edi+00000090h]0_2_00422EB0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00436F52
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov esi, ecx0_2_004490D0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then movzx ebx, byte ptr [esp+ecx-16h]0_2_00461160
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then cmp byte ptr [esi+ebx], 00000000h0_2_0044B170
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov ecx, eax0_2_0044D17D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov ecx, eax0_2_0044D116
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_0044D34A
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]0_2_004273D0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then movzx ecx, word ptr [edi+esi*4]0_2_004273D0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov eax, ebx0_2_00447440
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+09AD4080h]0_2_00447440
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0043747D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov word ptr [edx], di0_2_0043747D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then movzx ecx, byte ptr [esi+eax+61765397h]0_2_0043B57D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]0_2_00447740
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then jmp eax0_2_00449739
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then jmp edx0_2_004437D6
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov dword ptr [esp+20h], eax0_2_00429780
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov ecx, eax0_2_0043D8D8
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov ecx, eax0_2_0043D8D8
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov edx, ecx0_2_0043B8F6
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov edx, ecx0_2_0043B8F6
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov ecx, eax0_2_0043D8AC
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov ecx, eax0_2_0043D8AC
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov byte ptr [edi], al0_2_0044B980
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then jmp edx0_2_004439B9
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then movzx ecx, byte ptr [edx+eax]0_2_004439B9
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00441A10
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then dec edx0_2_0045FA20
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then dec edx0_2_0045FB10
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then dec edx0_2_0045FD70
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_0044DDFF
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_0044DE07
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then dec edx0_2_0045FE00
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov edx, ecx0_2_00449E80
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov ecx, eax0_2_0044BF13
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 4x nop then mov edi, dword ptr [esp+28h]0_2_00445F1B

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2058500 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat) : 192.168.2.10:55834 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2058512 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat) : 192.168.2.10:57181 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2058510 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat) : 192.168.2.10:57765 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2058502 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat) : 192.168.2.10:57103 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2058480 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat) : 192.168.2.10:58603 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2058484 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat) : 192.168.2.10:61507 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2058514 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat) : 192.168.2.10:56200 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2058492 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat) : 192.168.2.10:50232 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.10:49704 -> 104.102.49.254:443
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: wordyfindy.lat
    Source: Malware configuration extractorURLs: observerfry.lat
    Source: Malware configuration extractorURLs: slipperyloo.lat
    Source: Malware configuration extractorURLs: talkynicer.lat
    Source: Malware configuration extractorURLs: bashfulacid.lat
    Source: Malware configuration extractorURLs: shapestickyr.lat
    Source: Malware configuration extractorURLs: tentabatte.lat
    Source: Malware configuration extractorURLs: curverpluch.lat
    Source: Malware configuration extractorURLs: manyrestro.lat
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49704 -> 104.102.49.254:443
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=d0576a06b1761b2e503d00dc; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25665Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 26 Dec 2024 12:12:04 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=d0576a06b1761b2e503d00dc; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25665Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 26 Dec 2024 12:12:04 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control_$ equals www.youtube.com (Youtube)
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: observerfry.lat
    Source: global trafficDNS traffic detected: DNS query: wordyfindy.lat
    Source: global trafficDNS traffic detected: DNS query: slipperyloo.lat
    Source: global trafficDNS traffic detected: DNS query: manyrestro.lat
    Source: global trafficDNS traffic detected: DNS query: shapestickyr.lat
    Source: global trafficDNS traffic detected: DNS query: talkynicer.lat
    Source: global trafficDNS traffic detected: DNS query: curverpluch.lat
    Source: global trafficDNS traffic detected: DNS query: tentabatte.lat
    Source: global trafficDNS traffic detected: DNS query: bashfulacid.lat
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000125E000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.000000000121A000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000126D000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328918775.000000000125D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000125E000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000126D000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328918775.000000000125D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000125E000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.000000000121A000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000126D000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328918775.000000000125D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.00000000011D2000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.00000000011D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bashfulacid.lat:443/api
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.0000000001262000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000125E000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328918775.000000000125D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engli
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000125E000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000126D000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328918775.000000000125D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000125E000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328918775.000000000125D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000125E000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328918775.000000000125D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000125E000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328918775.000000000125D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.00000000011D2000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.00000000011D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curverpluch.lat:443/api
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.00000000011D2000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.00000000011D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://slipperyloo.lat:443/apiz
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000125E000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000126D000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328918775.000000000125D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.00000000011D2000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.000000000120A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.000000000120A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/G$
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000125E000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000126D000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328918775.000000000125D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.00000000011D2000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.00000000011D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.00000000011E8000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.00000000011E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900P$
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.00000000011D2000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.00000000011D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000125E000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.000000000121A000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000126D000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328918775.000000000125D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.00000000011E8000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.00000000011E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://talkynicer.lat/
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.00000000011D2000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.00000000011D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tentabatte.lat:443/api
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000125E000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.000000000121A000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328918775.000000000125D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.10:49704 version: TLS 1.2

    System Summary

    barindex
    PE file contains section with special chars
    Source: pTM2NWuTvC.exeStatic PE information: section name:
    Source: pTM2NWuTvC.exeStatic PE information: section name: .idata
    Source: pTM2NWuTvC.exeStatic PE information: section name:
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004286000_2_00428600
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0042B1000_2_0042B100
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004B004E0_2_004B004E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0052A0580_2_0052A058
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004F20640_2_004F2064
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005400120_2_00540012
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004880060_2_00488006
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004900060_2_00490006
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005160030_2_00516003
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005460030_2_00546003
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005120D10_2_005120D1
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005440DD0_2_005440DD
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004B80C60_2_004B80C6
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0044A0CA0_2_0044A0CA
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004AC0DE0_2_004AC0DE
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005380CA0_2_005380CA
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005320F20_2_005320F2
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0044C0E60_2_0044C0E6
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004A20E80_2_004A20E8
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004360E90_2_004360E9
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004BC0F30_2_004BC0F3
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005200910_2_00520091
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0044C09E0_2_0044C09E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0052E0880_2_0052E088
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005000A40_2_005000A4
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0051A0A80_2_0051A0A8
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D61460_2_004D6146
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005481580_2_00548158
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0044C09E0_2_0044C09E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0051814A0_2_0051814A
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0051414F0_2_0051414F
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004261600_2_00426160
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004EE16D0_2_004EE16D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004381690_2_00438169
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004EA1790_2_004EA179
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0054211E0_2_0054211E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004CA11F0_2_004CA11F
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004A81150_2_004A8115
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005221350_2_00522135
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004481CC0_2_004481CC
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005381C40_2_005381C4
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004DC1D30_2_004DC1D3
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004FC1E90_2_004FC1E9
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D41EA0_2_004D41EA
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0050C1FC0_2_0050C1FC
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004CC1F90_2_004CC1F9
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004C61FB0_2_004C61FB
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0044E1800_2_0044E180
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0049219E0_2_0049219E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0049E1A30_2_0049E1A3
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0053A1AE0_2_0053A1AE
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004F42570_2_004F4257
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0054024F0_2_0054024F
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D02650_2_004D0265
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004242700_2_00424270
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D62730_2_004D6273
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0052826C0_2_0052826C
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004DE20E0_2_004DE20E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004F82080_2_004F8208
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005342060_2_00534206
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004C22100_2_004C2210
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0043E2200_2_0043E220
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004C02280_2_004C0228
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0052C2240_2_0052C224
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0051C2290_2_0051C229
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005102D00_2_005102D0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004442D00_2_004442D0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004F62D70_2_004F62D7
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005A42EC0_2_005A42EC
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004B22F20_2_004B22F2
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0053829B0_2_0053829B
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004A22870_2_004A2287
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005203410_2_00520341
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005443480_2_00544348
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005C031E0_2_005C031E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004883010_2_00488301
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0053C3190_2_0053C319
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D43160_2_004D4316
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0054E33D0_2_0054E33D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005E032E0_2_005E032E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005043DA0_2_005043DA
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004A43DC0_2_004A43DC
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004BA3D10_2_004BA3D1
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004483D80_2_004483D8
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0048A3E40_2_0048A3E4
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004E43FF0_2_004E43FF
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0054A3EE0_2_0054A3EE
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004E23930_2_004E2393
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0052C38D0_2_0052C38D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004AA3AC0_2_004AA3AC
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0045A4400_2_0045A440
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004604600_2_00460460
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004F04680_2_004F0468
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005324050_2_00532405
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005164200_2_00516420
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004984300_2_00498430
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004404C60_2_004404C6
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004C24EF0_2_004C24EF
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004424E00_2_004424E0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004A84EC0_2_004A84EC
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004EE4FE0_2_004EE4FE
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004F249D0_2_004F249D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0050C4A30_2_0050C4A3
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005484A00_2_005484A0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004FC4B20_2_004FC4B2
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004B85420_2_004B8542
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0048655E0_2_0048655E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005345720_2_00534572
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004445600_2_00444560
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004CC5650_2_004CC565
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0050A5670_2_0050A567
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004E85750_2_004E8575
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004F85700_2_004F8570
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004BC51D0_2_004BC51D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0050E5080_2_0050E508
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0051E5310_2_0051E531
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004B452E0_2_004B452E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004B65210_2_004B6521
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005285260_2_00528526
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0044C53C0_2_0044C53C
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004C85CD0_2_004C85CD
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004DA5C40_2_004DA5C4
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0045A5D40_2_0045A5D4
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004AC5DF0_2_004AC5DF
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0051C5CA0_2_0051C5CA
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004265F00_2_004265F0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005225860_2_00522586
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0045C5A00_2_0045C5A0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0052C5B70_2_0052C5B7
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D05BF0_2_004D05BF
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005305A70_2_005305A7
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005086510_2_00508651
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004586500_2_00458650
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0053A67D0_2_0053A67D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D660C0_2_004D660C
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005406180_2_00540618
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004EC61D0_2_004EC61D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0043E6300_2_0043E630
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004FC6350_2_004FC635
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0049E6350_2_0049E635
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005286DC0_2_005286DC
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004846DB0_2_004846DB
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004446D00_2_004446D0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D06F90_2_004D06F9
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004606F00_2_004606F0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005206910_2_00520691
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0042E6870_2_0042E687
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D26800_2_004D2680
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004966860_2_00496686
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004C06A50_2_004C06A5
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0052E6BB0_2_0052E6BB
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004DC6BF0_2_004DC6BF
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004886B50_2_004886B5
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0048274A0_2_0048274A
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004327500_2_00432750
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005387170_2_00538717
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0053671D0_2_0053671D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005247070_2_00524707
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D47210_2_004D4721
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004947270_2_00494727
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004B27380_2_004B2738
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005407DD0_2_005407DD
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004967C30_2_004967C3
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004B47D90_2_004B47D9
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005147F10_2_005147F1
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005487F60_2_005487F6
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0054E7800_2_0054E780
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005127880_2_00512788
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0054A7B00_2_0054A7B0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D67A20_2_004D67A2
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004AA7B80_2_004AA7B8
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004F47BB0_2_004F47BB
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0042C8400_2_0042C840
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004E286F0_2_004E286F
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004FE8720_2_004FE872
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005068010_2_00506801
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004FA8120_2_004FA812
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D28120_2_004D2812
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0049883C0_2_0049883C
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005088D00_2_005088D0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004928DD0_2_004928DD
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004CC8D10_2_004CC8D1
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004EC8D00_2_004EC8D0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005348930_2_00534893
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004AE8880_2_004AE888
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004BC89F0_2_004BC89F
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0050488B0_2_0050488B
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004E48910_2_004E4891
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0043C8A00_2_0043C8A0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005308BE0_2_005308BE
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004E08A10_2_004E08A1
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004588B00_2_004588B0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0048C9460_2_0048C946
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0043E9600_2_0043E960
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004BE97A0_2_004BE97A
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004C89760_2_004C8976
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004469100_2_00446910
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0054293C0_2_0054293C
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004CA93F0_2_004CA93F
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005D69CC0_2_005D69CC
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004A89EB0_2_004A89EB
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004609E00_2_004609E0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004A69E60_2_004A69E6
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0044C9EB0_2_0044C9EB
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0053E9EF0_2_0053E9EF
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004B89F60_2_004B89F6
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D09980_2_004D0998
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004909920_2_00490992
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004AC9B90_2_004AC9B9
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0050E9A30_2_0050E9A3
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0045CA400_2_0045CA40
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004C4A5B0_2_004C4A5B
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0051EA7A0_2_0051EA7A
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00510A660_2_00510A66
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0049EA0A0_2_0049EA0A
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004FCA050_2_004FCA05
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00534A040_2_00534A04
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004A2ACD0_2_004A2ACD
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00496ADC0_2_00496ADC
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004EEAD10_2_004EEAD1
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00532AE70_2_00532AE7
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00528AEB0_2_00528AEB
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004DCA850_2_004DCA85
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004DEA9A0_2_004DEA9A
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00524A8D0_2_00524A8D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0049AAB80_2_0049AAB8
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00520AA30_2_00520AA3
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0052EAA40_2_0052EAA4
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00448ABC0_2_00448ABC
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00544AAF0_2_00544AAF
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0042AB400_2_0042AB40
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004BCB460_2_004BCB46
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004DAB560_2_004DAB56
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004ECB6C0_2_004ECB6C
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D4B7C0_2_004D4B7C
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004CEB1D0_2_004CEB1D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00484B100_2_00484B10
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00438B1B0_2_00438B1B
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004C2B290_2_004C2B29
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004E8B3B0_2_004E8B3B
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00536BFC0_2_00536BFC
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00506BE30_2_00506BE3
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0043EB800_2_0043EB80
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0049CB8C0_2_0049CB8C
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004FCB820_2_004FCB82
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00424BA00_2_00424BA0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004EEC6E0_2_004EEC6E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00480C000_2_00480C00
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00522C1D0_2_00522C1D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00540C070_2_00540C07
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0048EC150_2_0048EC15
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00548C3E0_2_00548C3E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004FAC390_2_004FAC39
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00482C310_2_00482C31
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00508CD80_2_00508CD8
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004B2CDB0_2_004B2CDB
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0054ACC60_2_0054ACC6
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0050ACFD0_2_0050ACFD
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00500CE20_2_00500CE2
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0050CCEE0_2_0050CCEE
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0053CC920_2_0053CC92
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004CAC870_2_004CAC87
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00502C8D0_2_00502C8D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00434CA00_2_00434CA0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00484D4D0_2_00484D4D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00492D4C0_2_00492D4C
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0044CD4C0_2_0044CD4C
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0044CD5E0_2_0044CD5E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004A2D660_2_004A2D66
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00498D720_2_00498D72
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004F8D0D0_2_004F8D0D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0053ED170_2_0053ED17
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D0D1B0_2_004D0D1B
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004F4D150_2_004F4D15
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00460D200_2_00460D20
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00446D2E0_2_00446D2E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004E0D230_2_004E0D23
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D6D3C0_2_004D6D3C
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004F0D340_2_004F0D34
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004ECDFE0_2_004ECDFE
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0045CDF00_2_0045CDF0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0050ED940_2_0050ED94
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0053AD980_2_0053AD98
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00528D830_2_00528D83
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D8D9E0_2_004D8D9E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00524DB70_2_00524DB7
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004B0DBB0_2_004B0DBB
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00530DAE0_2_00530DAE
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004F2E420_2_004F2E42
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00542E470_2_00542E47
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004DEE5B0_2_004DEE5B
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0044EE630_2_0044EE63
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00440E6C0_2_00440E6C
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00442E6D0_2_00442E6D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004ACE0A0_2_004ACE0A
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00546E170_2_00546E17
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0054EE350_2_0054EE35
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00506E360_2_00506E36
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004E0ECD0_2_004E0ECD
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00486EED0_2_00486EED
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00532EF80_2_00532EF8
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0048EEE70_2_0048EEE7
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00534EEB0_2_00534EEB
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004B6E830_2_004B6E83
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004BCE9B0_2_004BCE9B
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00482E920_2_00482E92
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00458EA00_2_00458EA0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00422EB00_2_00422EB0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0043AEB00_2_0043AEB0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0051EEA70_2_0051EEA7
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004C2EB30_2_004C2EB3
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0054EF5F0_2_0054EF5F
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00436F520_2_00436F52
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004C6F770_2_004C6F77
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00480F190_2_00480F19
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0052CF070_2_0052CF07
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00500F320_2_00500F32
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004E8F360_2_004E8F36
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0051CF2C0_2_0051CF2C
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004E4F300_2_004E4F30
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004F6FDA0_2_004F6FDA
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004E0FD80_2_004E0FD8
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004B4FE80_2_004B4FE8
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004FEFF60_2_004FEFF6
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00516F850_2_00516F85
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0052EF840_2_0052EF84
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00490FB90_2_00490FB9
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004CEFBB0_2_004CEFBB
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00484FB70_2_00484FB7
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0053D0540_2_0053D054
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D50460_2_004D5046
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004DD0550_2_004DD055
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0049906F0_2_0049906F
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004EF0620_2_004EF062
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0043D0030_2_0043D003
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004BB00F0_2_004BB00F
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0052101E0_2_0052101E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D101B0_2_004D101B
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0054B0340_2_0054B034
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0042D0210_2_0042D021
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004890CB0_2_004890CB
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D70C30_2_004D70C3
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0053F0C40_2_0053F0C4
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005190CE0_2_005190CE
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005230E20_2_005230E2
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005030E10_2_005030E1
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0050D0E80_2_0050D0E8
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004DB0F70_2_004DB0F7
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004A908B0_2_004A908B
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005270960_2_00527096
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004A30A10_2_004A30A1
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004BF1450_2_004BF145
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005451700_2_00545170
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004CB1140_2_004CB114
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005371360_2_00537136
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004F51370_2_004F5137
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0052B1D40_2_0052B1D4
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D31C70_2_004D31C7
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004AB1D80_2_004AB1D8
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005051F70_2_005051F7
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005271F90_2_005271F9
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004E31F70_2_004E31F7
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0053B1EE0_2_0053B1EE
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005391EC0_2_005391EC
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004B11810_2_004B1181
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0045F18B0_2_0045F18B
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004F119A0_2_004F119A
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004491AE0_2_004491AE
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005072450_2_00507245
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0048D25F0_2_0048D25F
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004ED2630_2_004ED263
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004A127D0_2_004A127D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D12750_2_004D1275
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0050926D0_2_0050926D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004E92050_2_004E9205
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0052D20A0_2_0052D20A
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0048122A0_2_0048122A
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004312270_2_00431227
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004C92210_2_004C9221
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D723F0_2_004D723F
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004C32340_2_004C3234
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005472D60_2_005472D6
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004F32EB0_2_004F32EB
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004B528A0_2_004B528A
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004592800_2_00459280
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0049D2990_2_0049D299
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0048F2AA0_2_0048F2AA
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004F92AA0_2_004F92AA
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005432BC0_2_005432BC
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005352A40_2_005352A4
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004413400_2_00441340
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0044D34A0_2_0044D34A
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004C53530_2_004C5353
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004873780_2_00487378
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0044F3770_2_0044F377
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004B937C0_2_004B937C
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004C33730_2_004C3373
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0051B3190_2_0051B319
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004853070_2_00485307
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004293100_2_00429310
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005133030_2_00513303
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0049B31F0_2_0049B31F
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004FF3190_2_004FF319
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0049F3140_2_0049F314
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0042F3C00_2_0042F3C0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004273D00_2_004273D0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004CD3D40_2_004CD3D4
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005173EA0_2_005173EA
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004FB3AC0_2_004FB3AC
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0053F3B90_2_0053F3B9
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004893BA0_2_004893BA
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004BF3BF0_2_004BF3BF
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004474400_2_00447440
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004E54460_2_004E5446
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0050B45B0_2_0050B45B
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004F74580_2_004F7458
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004A547A0_2_004A547A
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004BB47A0_2_004BB47A
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005114600_2_00511460
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0043747D0_2_0043747D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0048540F0_2_0048540F
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004DF42E0_2_004DF42E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005014370_2_00501437
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004A14DF0_2_004A14DF
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004AF4E70_2_004AF4E7
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005E54EE0_2_005E54EE
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0042D4F30_2_0042D4F3
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0053D4900_2_0053D490
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004DB48B0_2_004DB48B
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D749A0_2_004D749A
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0054548E0_2_0054548E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D54900_2_004D5490
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0054B4A20_2_0054B4A2
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0051556B0_2_0051556B
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005015080_2_00501508
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004F55230_2_004F5523
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004EF5350_2_004EF535
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004CB5D90_2_004CB5D9
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0052B5CA0_2_0052B5CA
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005275CB0_2_005275CB
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004F75D00_2_004F75D0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004AD5EE0_2_004AD5EE
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D35E00_2_004D35E0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005295FD0_2_005295FD
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004ED58E0_2_004ED58E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004BF58D0_2_004BF58D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0049559C0_2_0049559C
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0054D5820_2_0054D582
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005135B30_2_005135B3
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005055B60_2_005055B6
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005335BC0_2_005335BC
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004C15BC0_2_004C15BC
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005375AD0_2_005375AD
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0048B66A0_2_0048B66A
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004976790_2_00497679
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004F96700_2_004F9670
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0042F60D0_2_0042F60D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004BD61A0_2_004BD61A
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005256010_2_00525601
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0043961B0_2_0043961B
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004A362E0_2_004A362E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0049D62E0_2_0049D62E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005476290_2_00547629
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005D96D90_2_005D96D9
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0051B6D70_2_0051B6D7
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004A96CD0_2_004A96CD
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004C96EB0_2_004C96EB
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0052D6F90_2_0052D6F9
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D76A70_2_004D76A7
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004477400_2_00447740
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005077710_2_00507771
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005417770_2_00541777
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D377E0_2_004D377E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004BD7700_2_004BD770
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0051176F0_2_0051176F
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004B17090_2_004B1709
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004C77190_2_004C7719
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004FB7150_2_004FB715
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004497390_2_00449739
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004897360_2_00489736
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004357C00_2_004357C0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005497DF0_2_005497DF
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004E77C20_2_004E77C2
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005457D90_2_005457D9
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004D57D30_2_004D57D3
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004E57D00_2_004E57D0
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004CF7EE0_2_004CF7EE
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0048D7E40_2_0048D7E4
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0049F7880_2_0049F788
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004297800_2_00429780
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_005217910_2_00521791
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004B57A20_2_004B57A2
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004B77B20_2_004B77B2
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004C384F0_2_004C384F
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004ED84A0_2_004ED84A
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004BB84C0_2_004BB84C
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0050385A0_2_0050385A
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004A98440_2_004A9844
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004F385B0_2_004F385B
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004FB8650_2_004FB865
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: String function: 00427F60 appears 40 times
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: String function: 00434C90 appears 77 times
    Source: pTM2NWuTvC.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: pTM2NWuTvC.exeStatic PE information: Section: ZLIB complexity 0.9994893790849673
    Source: pTM2NWuTvC.exeStatic PE information: Section: fecmjzxm ZLIB complexity 0.9947453482824428
    Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@10/1
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00452070 CoCreateInstance,0_2_00452070
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: pTM2NWuTvC.exeReversingLabs: Detection: 65%
    Source: pTM2NWuTvC.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeFile read: C:\Users\user\Desktop\pTM2NWuTvC.exeJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSection loaded: dpapi.dllJump to behavior
    Source: pTM2NWuTvC.exeStatic file information: File size 1848832 > 1048576
    Source: pTM2NWuTvC.exeStatic PE information: Raw size of fecmjzxm is bigger than: 0x100000 < 0x199600

    Data Obfuscation

    barindex
    Detected unpacking (changes PE section rights)
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeUnpacked PE file: 0.2.pTM2NWuTvC.exe.420000.0.unpack :EW;.rsrc:W;.idata :W; :EW;fecmjzxm:EW;emcirhhj:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;fecmjzxm:EW;emcirhhj:EW;.taggant:EW;
    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
    Source: pTM2NWuTvC.exeStatic PE information: real checksum: 0x1caf9d should be: 0x1ca61b
    Source: pTM2NWuTvC.exeStatic PE information: section name:
    Source: pTM2NWuTvC.exeStatic PE information: section name: .idata
    Source: pTM2NWuTvC.exeStatic PE information: section name:
    Source: pTM2NWuTvC.exeStatic PE information: section name: fecmjzxm
    Source: pTM2NWuTvC.exeStatic PE information: section name: emcirhhj
    Source: pTM2NWuTvC.exeStatic PE information: section name: .taggant
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0047C04F push 79E6419Ah; mov dword ptr [esp], ebp0_2_0047C054
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0047E054 push 0EFA89C9h; mov dword ptr [esp], ebx0_2_0047E074
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0066C072 push 17F62CE9h; mov dword ptr [esp], ecx0_2_0066C098
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0066C072 push edx; mov dword ptr [esp], ebp0_2_0066C0D6
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0047C07B push edi; mov dword ptr [esp], 1AF85788h0_2_0047D176
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_00478026 push 7EE9148Eh; mov dword ptr [esp], ebx0_2_00478352
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0047C020 push 0DEF40A2h; mov dword ptr [esp], edi0_2_0047C174
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0047C03B push ecx; mov dword ptr [esp], esp0_2_0047C03F
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0047C03B push edi; mov dword ptr [esp], edx0_2_0047DC56
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0047C0C7 push ebp; mov dword ptr [esp], ecx0_2_0047C0C8
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0047C0C7 push edx; mov dword ptr [esp], 0C5A5B00h0_2_00480433
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004780C5 push 42E50A0Bh; mov dword ptr [esp], esi0_2_0047862F
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004AC0DE push 74061729h; mov dword ptr [esp], edx0_2_004AC427
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004AC0DE push ebx; mov dword ptr [esp], eax0_2_004AC496
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004AC0DE push 6A26099Dh; mov dword ptr [esp], ebp0_2_004AC4D9
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_004AC0DE push ecx; mov dword ptr [esp], esp0_2_004AC53A
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0047C0FB push edi; mov dword ptr [esp], 544A3C00h0_2_0047C102
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0052E088 push ebx; mov dword ptr [esp], eax0_2_0052E4EA
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0052E088 push 509DF3FEh; mov dword ptr [esp], ecx0_2_0052E52E
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0052E088 push 6DCEB46Ah; mov dword ptr [esp], ecx0_2_0052E540
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0052E088 push edi; mov dword ptr [esp], esi0_2_0052E55B
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0052E088 push 2F475A33h; mov dword ptr [esp], ecx0_2_0052E5FE
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0052E088 push ebx; mov dword ptr [esp], 5F0C7337h0_2_0052E603
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0052E088 push edx; mov dword ptr [esp], eax0_2_0052E615
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0052E088 push 6D75990Ch; mov dword ptr [esp], ebp0_2_0052E61D
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0052E088 push 270D50E4h; mov dword ptr [esp], esi0_2_0052E66A
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_006DA085 push 29EF56D7h; mov dword ptr [esp], edx0_2_006DA10F
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0047814B push ebp; mov dword ptr [esp], 16BEDC61h0_2_004784AC
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0065E122 push 127EB027h; mov dword ptr [esp], ecx0_2_0065E16C
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0065E122 push edx; mov dword ptr [esp], ebp0_2_0065E1B2
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0065E122 push 0C18137Bh; mov dword ptr [esp], eax0_2_0065E1D7
    Source: pTM2NWuTvC.exeStatic PE information: section name: entropy: 7.983348957887643
    Source: pTM2NWuTvC.exeStatic PE information: section name: fecmjzxm entropy: 7.954030950167311

    Boot Survival

    barindex
    Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeWindow searched: window name: RegmonClassJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeWindow searched: window name: RegmonclassJump to behavior

    Malware Analysis System Evasion

    barindex
    Tries to detect sandboxes / dynamic malware analysis system (registry check)
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 479287 second address: 478AF1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FA1E8D1948Ch 0x0000000e nop 0x0000000f stc 0x00000010 push dword ptr [ebp+122D0A0Dh] 0x00000016 jl 00007FA1E8D1948Ah 0x0000001c pushad 0x0000001d clc 0x0000001e clc 0x0000001f popad 0x00000020 call dword ptr [ebp+122D24A6h] 0x00000026 pushad 0x00000027 stc 0x00000028 xor eax, eax 0x0000002a mov dword ptr [ebp+122D317Ah], eax 0x00000030 mov edx, dword ptr [esp+28h] 0x00000034 sub dword ptr [ebp+122D317Ah], esi 0x0000003a mov dword ptr [ebp+122D2B73h], eax 0x00000040 pushad 0x00000041 mov dword ptr [ebp+122D188Eh], ecx 0x00000047 mov cx, 0E00h 0x0000004b popad 0x0000004c mov esi, 0000003Ch 0x00000051 jmp 00007FA1E8D19497h 0x00000056 add esi, dword ptr [esp+24h] 0x0000005a jmp 00007FA1E8D19497h 0x0000005f lodsw 0x00000061 jg 00007FA1E8D19492h 0x00000067 add eax, dword ptr [esp+24h] 0x0000006b stc 0x0000006c mov ebx, dword ptr [esp+24h] 0x00000070 clc 0x00000071 push eax 0x00000072 push eax 0x00000073 push edx 0x00000074 push ecx 0x00000075 push eax 0x00000076 push edx 0x00000077 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 478AF1 second address: 478AF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 5EB1D3 second address: 5EB1D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 5EB1D8 second address: 5EB1FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jng 00007FA1E9520846h 0x0000000b jmp 00007FA1E952084Eh 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 push edx 0x00000017 pop edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 5EA8A3 second address: 5EA8A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 5EA8A7 second address: 5EA8D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a jmp 00007FA1E952084Ch 0x0000000f jmp 00007FA1E9520856h 0x00000014 pop eax 0x00000015 push edi 0x00000016 pushad 0x00000017 popad 0x00000018 pop edi 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 5EA8D8 second address: 5EA8F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FA1E8D19496h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 5EAA56 second address: 5EAA60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 5ED826 second address: 5ED82A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 5ED95B second address: 5ED95F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 5EDA04 second address: 5EDA5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 jl 00007FA1E8D1949Ah 0x0000000f jmp 00007FA1E8D19494h 0x00000014 nop 0x00000015 push 00000000h 0x00000017 adc si, AE21h 0x0000001c call 00007FA1E8D19489h 0x00000021 jo 00007FA1E8D19497h 0x00000027 push ebx 0x00000028 jmp 00007FA1E8D1948Fh 0x0000002d pop ebx 0x0000002e push eax 0x0000002f push eax 0x00000030 push edx 0x00000031 push ecx 0x00000032 jo 00007FA1E8D19486h 0x00000038 pop ecx 0x00000039 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 5EDA5A second address: 5EDABB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E9520855h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jmp 00007FA1E9520853h 0x00000012 mov eax, dword ptr [eax] 0x00000014 pushad 0x00000015 jmp 00007FA1E9520855h 0x0000001a jmp 00007FA1E952084Dh 0x0000001f popad 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 pushad 0x00000028 popad 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 5EDABB second address: 5EDAC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 5EDB8A second address: 5EDB9A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA1E952084Ch 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 5EDB9A second address: 5EDBED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E8D19492h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push edi 0x00000010 jmp 00007FA1E8D19493h 0x00000015 pop edi 0x00000016 pop eax 0x00000017 mov edx, eax 0x00000019 lea ebx, dword ptr [ebp+124486F4h] 0x0000001f jmp 00007FA1E8D19493h 0x00000024 push eax 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 push edx 0x00000029 pop edx 0x0000002a rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 5EDBED second address: 5EDBF7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 5EDD74 second address: 5EDDA6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FA1E8D1948Fh 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007FA1E8D19496h 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 popad 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 5DAD3B second address: 5DAD48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 60BAD1 second address: 60BAE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1E8D19491h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 60BAE6 second address: 60BAEE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 60BDA9 second address: 60BDAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 60BDAF second address: 60BDCE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E9520857h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 60C095 second address: 60C0DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1E8D19496h 0x00000009 jp 00007FA1E8D19486h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FA1E8D19492h 0x00000017 jmp 00007FA1E8D19495h 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 60C0DF second address: 60C0EB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 60C0EB second address: 60C0EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 60C0EF second address: 60C11C instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA1E9520846h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 pushad 0x00000012 popad 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FA1E9520851h 0x0000001b jno 00007FA1E9520846h 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 5DAD31 second address: 5DAD3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 60C27D second address: 60C281 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 60C3DC second address: 60C3E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 60C3E1 second address: 60C3FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E952084Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push esi 0x0000000b jg 00007FA1E9520846h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 60CA57 second address: 60CAA2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E8D1948Ch 0x00000007 je 00007FA1E8D19492h 0x0000000d jmp 00007FA1E8D1948Ch 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FA1E8D19499h 0x0000001b jmp 00007FA1E8D1948Eh 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 600F72 second address: 600FB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FA1E9520846h 0x0000000a pop ecx 0x0000000b jmp 00007FA1E952084Eh 0x00000010 jnl 00007FA1E952084Ch 0x00000016 popad 0x00000017 pushad 0x00000018 push ecx 0x00000019 pushad 0x0000001a popad 0x0000001b jc 00007FA1E9520846h 0x00000021 pop ecx 0x00000022 push eax 0x00000023 push edx 0x00000024 jne 00007FA1E9520846h 0x0000002a jmp 00007FA1E952084Bh 0x0000002f rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 5D5D1A second address: 5D5D21 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 5D5D21 second address: 5D5D2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 5D5D2A second address: 5D5D46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1E8D19498h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 61079F second address: 6107A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FA1E9520846h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6107A9 second address: 6107AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 610C27 second address: 610C2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 610DA7 second address: 610DBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1E8D1948Fh 0x00000009 popad 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 60F5EE second address: 60F5F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 60F5F5 second address: 60F617 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E8D19499h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 60F617 second address: 60F61D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6148C6 second address: 6148D2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6148D2 second address: 6148FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FA1E9520846h 0x0000000a popad 0x0000000b jp 00007FA1E952085Fh 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 619332 second address: 619336 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 61949C second address: 6194A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6194A2 second address: 6194D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jc 00007FA1E8D19486h 0x0000000c jmp 00007FA1E8D19495h 0x00000011 popad 0x00000012 jl 00007FA1E8D19488h 0x00000018 push edx 0x00000019 pop edx 0x0000001a popad 0x0000001b pushad 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6194D1 second address: 6194E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FA1E952084Fh 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6194E9 second address: 6194ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 619C56 second address: 619C91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FA1E952084Eh 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 js 00007FA1E9520860h 0x00000018 jmp 00007FA1E9520854h 0x0000001d jno 00007FA1E9520846h 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 61ADC5 second address: 61ADC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 61B0F8 second address: 61B103 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 61B3E0 second address: 61B3E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 61B3E6 second address: 61B3EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 61B4D5 second address: 61B4DB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 61B4DB second address: 61B4FE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E9520854h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnp 00007FA1E9520848h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 61B625 second address: 61B62F instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FA1E8D19486h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 61B62F second address: 61B635 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 61BC1A second address: 61BC20 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 61D0F3 second address: 61D0F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 61D0F7 second address: 61D0FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 61D0FB second address: 61D12A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA1E9520857h 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e jno 00007FA1E952084Ch 0x00000014 push ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 61E206 second address: 61E228 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jl 00007FA1E8D19497h 0x00000011 jmp 00007FA1E8D19491h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 61E228 second address: 61E26C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jng 00007FA1E9520846h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push edi 0x0000000e cld 0x0000000f pop edi 0x00000010 push 00000000h 0x00000012 and edi, dword ptr [ebp+122D1D0Bh] 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push ebp 0x0000001d call 00007FA1E9520848h 0x00000022 pop ebp 0x00000023 mov dword ptr [esp+04h], ebp 0x00000027 add dword ptr [esp+04h], 00000016h 0x0000002f inc ebp 0x00000030 push ebp 0x00000031 ret 0x00000032 pop ebp 0x00000033 ret 0x00000034 mov dword ptr [ebp+12452453h], edi 0x0000003a xchg eax, ebx 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 61E26C second address: 61E270 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 61E270 second address: 61E288 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E9520850h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 61E288 second address: 61E2C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E8D1948Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c jnc 00007FA1E8D19493h 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FA1E8D19498h 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 61E2C8 second address: 61E2CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 61ED8D second address: 61EE09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA1E8D19493h 0x00000008 jmp 00007FA1E8D19499h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], eax 0x00000013 add edi, dword ptr [ebp+122D2A33h] 0x00000019 mov dword ptr [ebp+122D20F3h], edx 0x0000001f push 00000000h 0x00000021 push 00000000h 0x00000023 push ebp 0x00000024 call 00007FA1E8D19488h 0x00000029 pop ebp 0x0000002a mov dword ptr [esp+04h], ebp 0x0000002e add dword ptr [esp+04h], 00000017h 0x00000036 inc ebp 0x00000037 push ebp 0x00000038 ret 0x00000039 pop ebp 0x0000003a ret 0x0000003b clc 0x0000003c push 00000000h 0x0000003e mov si, D65Ah 0x00000042 xchg eax, ebx 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 jmp 00007FA1E8D1948Eh 0x0000004c rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 61EE09 second address: 61EE0F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 61F82E second address: 61F8AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E8D1948Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007FA1E8D19488h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 0000001Ah 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 push 00000000h 0x00000028 push 00000000h 0x0000002a push edi 0x0000002b call 00007FA1E8D19488h 0x00000030 pop edi 0x00000031 mov dword ptr [esp+04h], edi 0x00000035 add dword ptr [esp+04h], 0000001Ch 0x0000003d inc edi 0x0000003e push edi 0x0000003f ret 0x00000040 pop edi 0x00000041 ret 0x00000042 push 00000000h 0x00000044 sub dword ptr [ebp+122D1CE9h], ebx 0x0000004a or dword ptr [ebp+122D189Dh], edi 0x00000050 xchg eax, ebx 0x00000051 push eax 0x00000052 push edx 0x00000053 pushad 0x00000054 push ecx 0x00000055 pop ecx 0x00000056 jmp 00007FA1E8D1948Ch 0x0000005b popad 0x0000005c rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 61F559 second address: 61F55D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 62044C second address: 620473 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FA1E8D19491h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jno 00007FA1E8D1948Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 620473 second address: 620477 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6201CC second address: 6201F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pushad 0x00000006 jng 00007FA1E8D19497h 0x0000000c jmp 00007FA1E8D19491h 0x00000011 push eax 0x00000012 push edx 0x00000013 ja 00007FA1E8D19486h 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 620EFE second address: 620F08 instructions: 0x00000000 rdtsc 0x00000002 js 00007FA1E9520846h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 621A89 second address: 621A90 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 625FC3 second address: 625FE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA1E9520854h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 625FE2 second address: 625FE8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 625FE8 second address: 625FEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 625FEE second address: 625FF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 626FCB second address: 626FD0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 626FD0 second address: 626FE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007FA1E8D19486h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 626FE3 second address: 627071 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E9520855h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f popad 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push esi 0x00000014 call 00007FA1E9520848h 0x00000019 pop esi 0x0000001a mov dword ptr [esp+04h], esi 0x0000001e add dword ptr [esp+04h], 0000001Bh 0x00000026 inc esi 0x00000027 push esi 0x00000028 ret 0x00000029 pop esi 0x0000002a ret 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push esi 0x00000030 call 00007FA1E9520848h 0x00000035 pop esi 0x00000036 mov dword ptr [esp+04h], esi 0x0000003a add dword ptr [esp+04h], 0000001Bh 0x00000042 inc esi 0x00000043 push esi 0x00000044 ret 0x00000045 pop esi 0x00000046 ret 0x00000047 mov edi, eax 0x00000049 jmp 00007FA1E9520850h 0x0000004e push 00000000h 0x00000050 xchg eax, esi 0x00000051 push eax 0x00000052 push edx 0x00000053 jmp 00007FA1E952084Eh 0x00000058 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 627071 second address: 627077 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 627077 second address: 62707B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 628095 second address: 628099 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 628099 second address: 6280DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 cld 0x0000000a push 00000000h 0x0000000c mov dword ptr [ebp+12441B5Eh], edx 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push ebx 0x00000017 call 00007FA1E9520848h 0x0000001c pop ebx 0x0000001d mov dword ptr [esp+04h], ebx 0x00000021 add dword ptr [esp+04h], 0000001Bh 0x00000029 inc ebx 0x0000002a push ebx 0x0000002b ret 0x0000002c pop ebx 0x0000002d ret 0x0000002e push eax 0x0000002f js 00007FA1E952084Eh 0x00000035 push ecx 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 626119 second address: 62611D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 629185 second address: 62921B instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FA1E9520846h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push edi 0x0000000c pop edi 0x0000000d pop ebx 0x0000000e popad 0x0000000f mov dword ptr [esp], eax 0x00000012 mov ebx, dword ptr [ebp+122D29BFh] 0x00000018 mov dword ptr [ebp+12441BB8h], ebx 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push edx 0x00000023 call 00007FA1E9520848h 0x00000028 pop edx 0x00000029 mov dword ptr [esp+04h], edx 0x0000002d add dword ptr [esp+04h], 00000018h 0x00000035 inc edx 0x00000036 push edx 0x00000037 ret 0x00000038 pop edx 0x00000039 ret 0x0000003a call 00007FA1E9520850h 0x0000003f sub ebx, dword ptr [ebp+122D2ACFh] 0x00000045 pop edi 0x00000046 mov ebx, dword ptr [ebp+122D2720h] 0x0000004c push 00000000h 0x0000004e push 00000000h 0x00000050 push ecx 0x00000051 call 00007FA1E9520848h 0x00000056 pop ecx 0x00000057 mov dword ptr [esp+04h], ecx 0x0000005b add dword ptr [esp+04h], 00000019h 0x00000063 inc ecx 0x00000064 push ecx 0x00000065 ret 0x00000066 pop ecx 0x00000067 ret 0x00000068 push edx 0x00000069 pop ebx 0x0000006a mov dword ptr [ebp+122D30C5h], ebx 0x00000070 xchg eax, esi 0x00000071 push eax 0x00000072 push edx 0x00000073 jmp 00007FA1E952084Bh 0x00000078 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6282EC second address: 6282FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1E8D1948Dh 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 62935C second address: 629363 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6282FE second address: 628321 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E8D19498h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 628321 second address: 628325 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 629363 second address: 629411 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push ecx 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f pop ecx 0x00000010 nop 0x00000011 or dword ptr [ebp+122D2DC8h], edi 0x00000017 push dword ptr fs:[00000000h] 0x0000001e mov dword ptr [ebp+12441BC7h], eax 0x00000024 mov ebx, 47DD252Dh 0x00000029 mov dword ptr fs:[00000000h], esp 0x00000030 push 00000000h 0x00000032 push edx 0x00000033 call 00007FA1E8D19488h 0x00000038 pop edx 0x00000039 mov dword ptr [esp+04h], edx 0x0000003d add dword ptr [esp+04h], 00000014h 0x00000045 inc edx 0x00000046 push edx 0x00000047 ret 0x00000048 pop edx 0x00000049 ret 0x0000004a mov edi, dword ptr [ebp+122D2C57h] 0x00000050 mov edi, dword ptr [ebp+12441C3Ch] 0x00000056 mov eax, dword ptr [ebp+122D0F09h] 0x0000005c or dword ptr [ebp+122D1D45h], eax 0x00000062 push FFFFFFFFh 0x00000064 pushad 0x00000065 jmp 00007FA1E8D19491h 0x0000006a jne 00007FA1E8D1949Fh 0x00000070 popad 0x00000071 nop 0x00000072 push ecx 0x00000073 push eax 0x00000074 push edx 0x00000075 jmp 00007FA1E8D19492h 0x0000007a rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 62C3AF second address: 62C3B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 628325 second address: 628338 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E8D1948Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 62D20A second address: 62D214 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA1E9520846h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 629411 second address: 629435 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E8D19490h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnl 00007FA1E8D1948Ch 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 62C3B3 second address: 62C3C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d pop edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 62C3C1 second address: 62C3C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 63011B second address: 63011F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 62E28D second address: 62E296 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 62F2E4 second address: 62F308 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA1E9520859h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 630274 second address: 630278 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6313DA second address: 6313DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 632593 second address: 632597 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6335EF second address: 633620 instructions: 0x00000000 rdtsc 0x00000002 js 00007FA1E9520855h 0x00000008 jmp 00007FA1E952084Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FA1E9520853h 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 630278 second address: 63027E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 632597 second address: 63259D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 633620 second address: 633631 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E8D1948Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 63027E second address: 630309 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E9520856h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c sbb bl, 00000055h 0x0000000f push dword ptr fs:[00000000h] 0x00000016 mov dword ptr [ebp+124484E9h], ecx 0x0000001c mov dword ptr fs:[00000000h], esp 0x00000023 push 00000000h 0x00000025 push ebp 0x00000026 call 00007FA1E9520848h 0x0000002b pop ebp 0x0000002c mov dword ptr [esp+04h], ebp 0x00000030 add dword ptr [esp+04h], 00000016h 0x00000038 inc ebp 0x00000039 push ebp 0x0000003a ret 0x0000003b pop ebp 0x0000003c ret 0x0000003d mov bl, C5h 0x0000003f mov eax, dword ptr [ebp+122D1601h] 0x00000045 push edi 0x00000046 mov bl, 11h 0x00000048 pop ebx 0x00000049 sub dword ptr [ebp+122D1D98h], edi 0x0000004f push FFFFFFFFh 0x00000051 push 00000000h 0x00000053 push ebx 0x00000054 call 00007FA1E9520848h 0x00000059 pop ebx 0x0000005a mov dword ptr [esp+04h], ebx 0x0000005e add dword ptr [esp+04h], 00000016h 0x00000066 inc ebx 0x00000067 push ebx 0x00000068 ret 0x00000069 pop ebx 0x0000006a ret 0x0000006b push eax 0x0000006c push ebx 0x0000006d pushad 0x0000006e pushad 0x0000006f popad 0x00000070 push eax 0x00000071 push edx 0x00000072 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 63E2A4 second address: 63E2B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007FA1E8D19486h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 643230 second address: 64323A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FA1E9520846h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6432C7 second address: 6432D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6432D3 second address: 6432EF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ecx 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FA1E952084Bh 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6432EF second address: 6432F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6432F5 second address: 643315 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E952084Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FA1E952084Ah 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 643315 second address: 643325 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6433F6 second address: 478AF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 add dword ptr [esp], 7480C9EEh 0x0000000d jmp 00007FA1E9520855h 0x00000012 push dword ptr [ebp+122D0A0Dh] 0x00000018 push 00000000h 0x0000001a push ebx 0x0000001b call 00007FA1E9520848h 0x00000020 pop ebx 0x00000021 mov dword ptr [esp+04h], ebx 0x00000025 add dword ptr [esp+04h], 0000001Ah 0x0000002d inc ebx 0x0000002e push ebx 0x0000002f ret 0x00000030 pop ebx 0x00000031 ret 0x00000032 stc 0x00000033 call dword ptr [ebp+122D24A6h] 0x00000039 pushad 0x0000003a stc 0x0000003b xor eax, eax 0x0000003d mov dword ptr [ebp+122D317Ah], eax 0x00000043 mov edx, dword ptr [esp+28h] 0x00000047 sub dword ptr [ebp+122D317Ah], esi 0x0000004d mov dword ptr [ebp+122D2B73h], eax 0x00000053 pushad 0x00000054 mov dword ptr [ebp+122D188Eh], ecx 0x0000005a mov cx, 0E00h 0x0000005e popad 0x0000005f mov esi, 0000003Ch 0x00000064 jmp 00007FA1E9520857h 0x00000069 add esi, dword ptr [esp+24h] 0x0000006d jmp 00007FA1E9520857h 0x00000072 lodsw 0x00000074 jg 00007FA1E9520852h 0x0000007a add eax, dword ptr [esp+24h] 0x0000007e stc 0x0000007f mov ebx, dword ptr [esp+24h] 0x00000083 clc 0x00000084 push eax 0x00000085 push eax 0x00000086 push edx 0x00000087 push ecx 0x00000088 push eax 0x00000089 push edx 0x0000008a rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64B5EB second address: 64B5FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FA1E8D19486h 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64B5FD second address: 64B603 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64B603 second address: 64B60A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64B60A second address: 64B610 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64B610 second address: 64B614 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64A938 second address: 64A93C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64AD11 second address: 64AD29 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E8D19491h 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64AD29 second address: 64AD3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FA1E9520846h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64AD3C second address: 64AD40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64AD40 second address: 64AD48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64AFED second address: 64AFF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64AFF3 second address: 64B005 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pushad 0x00000008 jg 00007FA1E9520846h 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64B169 second address: 64B196 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA1E8D19494h 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FA1E8D1948Dh 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64B196 second address: 64B1BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E9520852h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d jc 00007FA1E952084Eh 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64B312 second address: 64B331 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1E8D19492h 0x00000009 pop ebx 0x0000000a jc 00007FA1E8D19492h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64B331 second address: 64B34D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FA1E9520846h 0x0000000a pop eax 0x0000000b pushad 0x0000000c jns 00007FA1E952084Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64B34D second address: 64B351 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 650BDD second address: 650BE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64F95A second address: 64F95F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64FA86 second address: 64FA8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64FA8C second address: 64FAA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FA1E8D19493h 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64FAA9 second address: 64FAB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64FBF1 second address: 64FBF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64FBF7 second address: 64FBFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64FBFE second address: 64FC2C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E8D1948Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007FA1E8D1948Dh 0x00000011 push esi 0x00000012 pop esi 0x00000013 push edi 0x00000014 pop edi 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64FC2C second address: 64FC3A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E952084Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64FC3A second address: 64FC40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64F5EE second address: 64F605 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jbe 00007FA1E9520852h 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 64F605 second address: 64F60C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 622CB2 second address: 600F72 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 jmp 00007FA1E9520859h 0x0000000d nop 0x0000000e xor dword ptr [ebp+122D1F41h], ecx 0x00000014 call dword ptr [ebp+122D1847h] 0x0000001a pushad 0x0000001b pushad 0x0000001c push esi 0x0000001d pop esi 0x0000001e push edi 0x0000001f pop edi 0x00000020 pushad 0x00000021 popad 0x00000022 push edi 0x00000023 pop edi 0x00000024 popad 0x00000025 push ecx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 622E51 second address: 622E55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 622E55 second address: 622E80 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA1E9520846h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d jmp 00007FA1E9520852h 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 push edi 0x00000016 push eax 0x00000017 push edx 0x00000018 ja 00007FA1E9520846h 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 622E80 second address: 622E84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 623151 second address: 623157 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 623157 second address: 478AF1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E8D19499h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e mov edx, dword ptr [ebp+122D18DDh] 0x00000014 push dword ptr [ebp+122D0A0Dh] 0x0000001a and ecx, 3700F630h 0x00000020 call dword ptr [ebp+122D24A6h] 0x00000026 pushad 0x00000027 stc 0x00000028 xor eax, eax 0x0000002a mov dword ptr [ebp+122D317Ah], eax 0x00000030 mov edx, dword ptr [esp+28h] 0x00000034 sub dword ptr [ebp+122D317Ah], esi 0x0000003a mov dword ptr [ebp+122D2B73h], eax 0x00000040 pushad 0x00000041 mov dword ptr [ebp+122D188Eh], ecx 0x00000047 mov cx, 0E00h 0x0000004b popad 0x0000004c mov esi, 0000003Ch 0x00000051 jmp 00007FA1E8D19497h 0x00000056 add esi, dword ptr [esp+24h] 0x0000005a jmp 00007FA1E8D19497h 0x0000005f lodsw 0x00000061 jg 00007FA1E8D19492h 0x00000067 add eax, dword ptr [esp+24h] 0x0000006b stc 0x0000006c mov ebx, dword ptr [esp+24h] 0x00000070 clc 0x00000071 push eax 0x00000072 push eax 0x00000073 push edx 0x00000074 push ecx 0x00000075 push eax 0x00000076 push edx 0x00000077 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 623375 second address: 62337A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 623409 second address: 623453 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E8D19498h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push eax 0x0000000b jmp 00007FA1E8D19496h 0x00000010 xchg eax, esi 0x00000011 or dword ptr [ebp+122D3726h], edi 0x00000017 nop 0x00000018 jbe 00007FA1E8D19492h 0x0000001e jp 00007FA1E8D1948Ch 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 623537 second address: 623542 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007FA1E9520846h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 62363C second address: 623641 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 623703 second address: 623715 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA1E952084Eh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 623715 second address: 623719 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 623719 second address: 623742 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007FA1E952084Dh 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FA1E9520850h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 623742 second address: 623746 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 623B73 second address: 623BAF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 jmp 00007FA1E9520854h 0x0000000d nop 0x0000000e mov ecx, dword ptr [ebp+122D2B2Bh] 0x00000014 push 0000001Eh 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a pushad 0x0000001b popad 0x0000001c jmp 00007FA1E9520850h 0x00000021 popad 0x00000022 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 623EF0 second address: 623F03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jl 00007FA1E8D19486h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 623F03 second address: 623F07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 623FBD second address: 62401C instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA1E8D1948Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push esi 0x0000000e call 00007FA1E8D19488h 0x00000013 pop esi 0x00000014 mov dword ptr [esp+04h], esi 0x00000018 add dword ptr [esp+04h], 00000017h 0x00000020 inc esi 0x00000021 push esi 0x00000022 ret 0x00000023 pop esi 0x00000024 ret 0x00000025 call 00007FA1E8D19499h 0x0000002a movsx ecx, cx 0x0000002d pop ecx 0x0000002e lea eax, dword ptr [ebp+1247DA15h] 0x00000034 mov dword ptr [ebp+122D1FF3h], eax 0x0000003a nop 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 62401C second address: 624027 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FA1E9520846h 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 624027 second address: 624047 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E8D19495h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 624047 second address: 62404B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 62404B second address: 62405E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E8D1948Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 62405E second address: 6240A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FA1E9520856h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e jmp 00007FA1E9520858h 0x00000013 lea eax, dword ptr [ebp+1247D9D1h] 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d pushad 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6240A3 second address: 6240A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6240A8 second address: 601B71 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA1E9520857h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d jno 00007FA1E9520848h 0x00000013 call dword ptr [ebp+122D1C49h] 0x00000019 push ecx 0x0000001a push edi 0x0000001b jo 00007FA1E9520846h 0x00000021 jbe 00007FA1E9520846h 0x00000027 pop edi 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b popad 0x0000002c pushad 0x0000002d popad 0x0000002e rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 601B71 second address: 601B75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6575B1 second address: 6575B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6575B5 second address: 6575D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007FA1E8D19495h 0x0000000c pushad 0x0000000d popad 0x0000000e pop edx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6575D9 second address: 6575E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6575E4 second address: 6575F5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 js 00007FA1E8D194A8h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 600F93 second address: 600FB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 jc 00007FA1E9520846h 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 jne 00007FA1E9520846h 0x00000018 jmp 00007FA1E952084Bh 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 657868 second address: 65786C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 657DB9 second address: 657DC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FA1E9520846h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 657DC3 second address: 657DC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 65C690 second address: 65C696 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 65C696 second address: 65C6B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA1E8D19494h 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 65C6B0 second address: 65C6B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 65CA11 second address: 65CA16 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 65CA16 second address: 65CA20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 65CB4B second address: 65CB51 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 65CB51 second address: 65CB93 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA1E9520848h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007FA1E9520854h 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 push edx 0x00000016 pop edx 0x00000017 popad 0x00000018 jmp 00007FA1E9520854h 0x0000001d push edi 0x0000001e pushad 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 65CCE7 second address: 65CCF1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 65CCF1 second address: 65CCF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 65D2E1 second address: 65D2FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1E8D19496h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 65D2FB second address: 65D319 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E9520857h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 65DA0F second address: 65DA1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 65DA1B second address: 65DA21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 663E97 second address: 663EC0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA1E8D1948Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FA1E8D19495h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 665F03 second address: 665F1F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jng 00007FA1E9520846h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f jng 00007FA1E9520846h 0x00000015 ja 00007FA1E9520846h 0x0000001b pop edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6690C5 second address: 6690C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6690C9 second address: 6690DB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007FA1E952084Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 66BFE0 second address: 66BFF0 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA1E8D19486h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 66BFF0 second address: 66BFF6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 66B9F2 second address: 66B9F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 66BB4C second address: 66BB52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 66FC6A second address: 66FC75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 66FC75 second address: 66FC86 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jne 00007FA1E9520846h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 66F4FD second address: 66F503 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 66F665 second address: 66F66B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 66F92A second address: 66F971 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1E8D19490h 0x00000009 push ecx 0x0000000a jp 00007FA1E8D19486h 0x00000010 pop ecx 0x00000011 popad 0x00000012 push eax 0x00000013 jmp 00007FA1E8D1948Fh 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FA1E8D19492h 0x0000001f jns 00007FA1E8D19486h 0x00000025 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 66F971 second address: 66F975 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 676380 second address: 676388 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 676388 second address: 67638F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 67638F second address: 676394 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 674BFB second address: 674C26 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA1E9520846h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jg 00007FA1E9520859h 0x00000012 popad 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 674C26 second address: 674C2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 674EEF second address: 674EF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 675047 second address: 675055 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA1E8D19488h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6751CE second address: 6751D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FA1E9520846h 0x0000000a pop ecx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 62395B second address: 62395F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 62395F second address: 623A1E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E9520853h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007FA1E9520859h 0x00000011 pushad 0x00000012 jmp 00007FA1E952084Fh 0x00000017 jl 00007FA1E9520846h 0x0000001d popad 0x0000001e popad 0x0000001f nop 0x00000020 push 00000000h 0x00000022 push eax 0x00000023 call 00007FA1E9520848h 0x00000028 pop eax 0x00000029 mov dword ptr [esp+04h], eax 0x0000002d add dword ptr [esp+04h], 00000014h 0x00000035 inc eax 0x00000036 push eax 0x00000037 ret 0x00000038 pop eax 0x00000039 ret 0x0000003a jmp 00007FA1E952084Bh 0x0000003f mov edx, dword ptr [ebp+122D2A0Bh] 0x00000045 mov ebx, dword ptr [ebp+1247DA10h] 0x0000004b push 00000000h 0x0000004d push ebp 0x0000004e call 00007FA1E9520848h 0x00000053 pop ebp 0x00000054 mov dword ptr [esp+04h], ebp 0x00000058 add dword ptr [esp+04h], 0000001Bh 0x00000060 inc ebp 0x00000061 push ebp 0x00000062 ret 0x00000063 pop ebp 0x00000064 ret 0x00000065 or edi, dword ptr [ebp+122D1987h] 0x0000006b add eax, ebx 0x0000006d xor dword ptr [ebp+124426FEh], eax 0x00000073 nop 0x00000074 jo 00007FA1E9520858h 0x0000007a push eax 0x0000007b push edx 0x0000007c jns 00007FA1E9520846h 0x00000082 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 623A1E second address: 623A22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 623A22 second address: 623A60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 ja 00007FA1E952084Ch 0x0000000e push ebx 0x0000000f jmp 00007FA1E952084Ah 0x00000014 pop ebx 0x00000015 popad 0x00000016 nop 0x00000017 mov edi, esi 0x00000019 push 00000004h 0x0000001b mov edx, dword ptr [ebp+122D1C39h] 0x00000021 nop 0x00000022 jmp 00007FA1E952084Ch 0x00000027 push eax 0x00000028 pushad 0x00000029 push ebx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 675597 second address: 6755B4 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA1E8D19486h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA1E8D19491h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 676067 second address: 67606B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 67606B second address: 67606F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 67606F second address: 676075 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 676075 second address: 6760B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FA1E8D1948Ah 0x0000000c jmp 00007FA1E8D19498h 0x00000011 jmp 00007FA1E8D19491h 0x00000016 popad 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6760B0 second address: 6760B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 67A25D second address: 67A262 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 67A262 second address: 67A26A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 67A26A second address: 67A277 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push esi 0x00000008 pushad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 679578 second address: 679589 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1E952084Ah 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b popad 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 679589 second address: 679593 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA1E8D1948Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 679832 second address: 679854 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1E9520854h 0x00000009 popad 0x0000000a pushad 0x0000000b jl 00007FA1E9520846h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 679854 second address: 679868 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 ja 00007FA1E8D19486h 0x0000000c pop eax 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 679868 second address: 679872 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA1E9520846h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 679C79 second address: 679CAA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E8D19492h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jl 00007FA1E8D1949Fh 0x0000000f jmp 00007FA1E8D19493h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 679CAA second address: 679CDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FA1E9520853h 0x0000000b jmp 00007FA1E9520852h 0x00000010 jl 00007FA1E952084Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 68169A second address: 68169E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 68169E second address: 6816A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 67FFC6 second address: 67FFCA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 68106A second address: 681083 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FA1E952084Fh 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 681083 second address: 681087 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 681087 second address: 6810BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA1E9520851h 0x0000000b jg 00007FA1E9520852h 0x00000011 jmp 00007FA1E952084Ch 0x00000016 popad 0x00000017 pushad 0x00000018 jc 00007FA1E952084Eh 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6810BA second address: 6810EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 jc 00007FA1E8D19486h 0x0000000d pushad 0x0000000e popad 0x0000000f push edi 0x00000010 pop edi 0x00000011 popad 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 push esi 0x00000018 pop esi 0x00000019 push edx 0x0000001a pop edx 0x0000001b popad 0x0000001c pushad 0x0000001d pushad 0x0000001e popad 0x0000001f jmp 00007FA1E8D19494h 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 686B62 second address: 686B66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 686B66 second address: 686B6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 689D47 second address: 689D5F instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA1E9520846h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FA1E952084Eh 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 689ED0 second address: 689F07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1E8D1948Eh 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c jne 00007FA1E8D19486h 0x00000012 jmp 00007FA1E8D19492h 0x00000017 popad 0x00000018 push eax 0x00000019 pushad 0x0000001a popad 0x0000001b push eax 0x0000001c pop eax 0x0000001d pop eax 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 68A048 second address: 68A05F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA1E9520851h 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 68A05F second address: 68A064 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 68A064 second address: 68A06A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 68A06A second address: 68A0A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FA1E8D19486h 0x0000000a popad 0x0000000b jns 00007FA1E8D19494h 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushad 0x00000014 jmp 00007FA1E8D19491h 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 68A0A0 second address: 68A0A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 68A0A6 second address: 68A0AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 68A1E2 second address: 68A1F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1E9520850h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 68A1F6 second address: 68A216 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FA1E8D19497h 0x00000008 pushad 0x00000009 popad 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 68A216 second address: 68A21C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6944ED second address: 694558 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1E8D19495h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push ecx 0x0000000d jmp 00007FA1E8D1948Bh 0x00000012 pop ecx 0x00000013 ja 00007FA1E8D19495h 0x00000019 popad 0x0000001a pushad 0x0000001b pushad 0x0000001c push eax 0x0000001d pop eax 0x0000001e push edi 0x0000001f pop edi 0x00000020 push eax 0x00000021 pop eax 0x00000022 popad 0x00000023 push edi 0x00000024 jnl 00007FA1E8D19486h 0x0000002a pop edi 0x0000002b pushad 0x0000002c jmp 00007FA1E8D19498h 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6930A1 second address: 6930A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 693327 second address: 693332 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 693CFD second address: 693D06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 693D06 second address: 693D0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 69439F second address: 6943A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6923AA second address: 6923C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA1E8D19495h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6923C6 second address: 6923CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6923CA second address: 6923F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA1E8D19490h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA1E8D1948Eh 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 69798C second address: 697992 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 697992 second address: 697996 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 697996 second address: 6979BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E9520859h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FA1E952084Bh 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6979BE second address: 6979F6 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA1E8D19486h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f jmp 00007FA1E8D1948Fh 0x00000014 jno 00007FA1E8D19486h 0x0000001a pop ebx 0x0000001b jmp 00007FA1E8D19493h 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 69C566 second address: 69C57E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push edi 0x00000008 pop edi 0x00000009 pushad 0x0000000a popad 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA1E952084Ah 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 69C21F second address: 69C22B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FA1E8D19486h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 69C22B second address: 69C25C instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA1E9520846h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FA1E952084Dh 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FA1E9520855h 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 69C25C second address: 69C270 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E8D1948Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 69C270 second address: 69C274 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 69C274 second address: 69C278 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6A7DAD second address: 6A7DB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6A7DB3 second address: 6A7DB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6A7DB9 second address: 6A7DF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007FA1E9520853h 0x0000000d push eax 0x0000000e pop eax 0x0000000f popad 0x00000010 push edi 0x00000011 jmp 00007FA1E9520856h 0x00000016 push esi 0x00000017 pop esi 0x00000018 pop edi 0x00000019 jl 00007FA1E952084Ch 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6A7DF9 second address: 6A7E10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007FA1E8D1948Ch 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6A7E10 second address: 6A7E1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6A7E1A second address: 6A7E1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6A7E1E second address: 6A7E22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6A7E22 second address: 6A7E28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6A7E28 second address: 6A7E2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6A7E2E second address: 6A7E39 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FA1E8D19486h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6A9CAA second address: 6A9CC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FA1E9520853h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6A9CC7 second address: 6A9CE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FA1E8D19486h 0x0000000a jne 00007FA1E8D19486h 0x00000010 popad 0x00000011 jo 00007FA1E8D19488h 0x00000017 push edi 0x00000018 pop edi 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6A9CE3 second address: 6A9CF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push ebx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 5DC831 second address: 5DC869 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA1E8D1948Eh 0x00000008 pushad 0x00000009 jmp 00007FA1E8D19494h 0x0000000e jmp 00007FA1E8D19491h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 5DC869 second address: 5DC8A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FA1E9520846h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d je 00007FA1E9520873h 0x00000013 jp 00007FA1E952084Ch 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FA1E9520859h 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6A98AA second address: 6A98B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6AF417 second address: 6AF41D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6AF41D second address: 6AF426 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6B72C0 second address: 6B72C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6C55E6 second address: 6C55EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6C588C second address: 6C58A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA1E9520857h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6C58A8 second address: 6C58AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6C67C6 second address: 6C67CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6CAD84 second address: 6CAD89 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6CAD89 second address: 6CADA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1E952084Dh 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jc 00007FA1E9520846h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6D6154 second address: 6D615C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6D615C second address: 6D6160 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 6D9FFD second address: 6DA007 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA1E8D19486h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 7005E5 second address: 7005FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jl 00007FA1E952084Ch 0x0000000c jc 00007FA1E9520846h 0x00000012 pop esi 0x00000013 push esi 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 7005FC second address: 700617 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FA1E8D1948Ch 0x0000000b popad 0x0000000c jc 00007FA1E8D1949Eh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 700DEB second address: 700DEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 700DEF second address: 700DFF instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FA1E8D19486h 0x00000008 jg 00007FA1E8D19486h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 7010C7 second address: 7010DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E952084Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 7010DC second address: 7010E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 70299D second address: 7029B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c push eax 0x0000000d pop eax 0x0000000e pop edx 0x0000000f popad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 7067C8 second address: 7067CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 7069CE second address: 7069D8 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA1E9520846h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 706A69 second address: 706AC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push edi 0x0000000e call 00007FA1E8D19488h 0x00000013 pop edi 0x00000014 mov dword ptr [esp+04h], edi 0x00000018 add dword ptr [esp+04h], 00000017h 0x00000020 inc edi 0x00000021 push edi 0x00000022 ret 0x00000023 pop edi 0x00000024 ret 0x00000025 mov edx, eax 0x00000027 push 00000004h 0x00000029 sub dh, 0000005Dh 0x0000002c mov dword ptr [ebp+12441BB8h], eax 0x00000032 call 00007FA1E8D19489h 0x00000037 jmp 00007FA1E8D19491h 0x0000003c push eax 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 pushad 0x00000042 popad 0x00000043 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 706AC1 second address: 706ADB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E9520856h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 706ADB second address: 706AF7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jne 00007FA1E8D19486h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push eax 0x00000013 push edx 0x00000014 jns 00007FA1E8D19488h 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 706AF7 second address: 706B10 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jnl 00007FA1E9520846h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [eax] 0x00000010 push edi 0x00000011 jbe 00007FA1E952084Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 706B10 second address: 706B1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 mov dword ptr [esp+04h], eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 706B1F second address: 706B31 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1E952084Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 706D5A second address: 706D5F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRDTSC instruction interceptor: First address: 61E024 second address: 61E04A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FA1E9520846h 0x0000000a popad 0x0000000b pop edx 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007FA1E9520853h 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 popad 0x00000018 rdtsc
    Tries to evade debugger and weak emulator (self modifying code)
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSpecial instruction interceptor: First address: 478A7A instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSpecial instruction interceptor: First address: 478B3E instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSpecial instruction interceptor: First address: 60F44C instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSpecial instruction interceptor: First address: 69E928 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0047C567 rdtsc 0_2_0047C567
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exe TID: 6188Thread sleep time: -60000s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exe TID: 6188Thread sleep time: -30000s >= -30000sJump to behavior
    Source: pTM2NWuTvC.exe, pTM2NWuTvC.exe, 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.00000000011B8000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.000000000121A000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.00000000011B8000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000121B000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001212000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: pTM2NWuTvC.exe, 00000000.00000003.1328390044.000000000120A000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.000000000120A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
    Source: pTM2NWuTvC.exe, 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeSystem information queried: ModuleInformationJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Hides threads from debuggers
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeThread information set: HideFromDebuggerJump to behavior
    Tries to detect sandboxes and other dynamic analysis tools (window names)
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeOpen window title or class name: regmonclass
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeOpen window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeOpen window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeOpen window title or class name: ollydbg
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeOpen window title or class name: filemonclass
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeFile opened: NTICE
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeFile opened: SICE
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeFile opened: SIWVID
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0047C567 rdtsc 0_2_0047C567
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeCode function: 0_2_0045E110 LdrInitializeThunk,0_2_0045E110

    HIPS / PFW / Operating System Protection Evasion

    barindex
    LummaC encrypted strings found
    Source: pTM2NWuTvC.exeString found in binary or memory: bashfulacid.lat
    Source: pTM2NWuTvC.exeString found in binary or memory: tentabatte.lat
    Source: pTM2NWuTvC.exeString found in binary or memory: curverpluch.lat
    Source: pTM2NWuTvC.exeString found in binary or memory: talkynicer.lat
    Source: pTM2NWuTvC.exeString found in binary or memory: shapestickyr.lat
    Source: pTM2NWuTvC.exeString found in binary or memory: manyrestro.lat
    Source: pTM2NWuTvC.exeString found in binary or memory: slipperyloo.lat
    Source: pTM2NWuTvC.exeString found in binary or memory: wordyfindy.lat
    Source: pTM2NWuTvC.exeString found in binary or memory: observerfry.lat
    Source: pTM2NWuTvC.exe, 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: dProgram Manager
    Source: pTM2NWuTvC.exeBinary or memory string: dProgram Manager
    Source: C:\Users\user\Desktop\pTM2NWuTvC.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
    Command and Scripting Interpreter    		1
    DLL Side-Loading    		1
    Process Injection    		24
    Virtualization/Sandbox Evasion    		OS Credential Dumping641
    Security Software Discovery    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts1
    PowerShell    		Boot or Logon Initialization Scripts1
    DLL Side-Loading    		1
    Process Injection    		LSASS Memory24
    Virtualization/Sandbox Evasion    		Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information    		Security Account Manager2
    Process Discovery    		SMB/Windows Admin SharesData from Network Shared Drive2
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
    Obfuscated Files or Information    		NTDS23
    System Information Discovery    		Distributed Component Object ModelInput Capture113
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
    Software Packing    		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    pTM2NWuTvC.exe66%ReversingLabsWin32.Trojan.Symmi
    pTM2NWuTvC.exe100%AviraTR/Crypt.XPACK.Gen
    pTM2NWuTvC.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    https://bashfulacid.lat:443/api100%Avira URL Cloudmalware
    https://talkynicer.lat/100%Avira URL Cloudmalware
    https://curverpluch.lat:443/api100%Avira URL Cloudmalware
    https://slipperyloo.lat:443/apiz100%Avira URL Cloudmalware
    https://tentabatte.lat:443/api100%Avira URL Cloudmalware

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		104.102.49.254
    		truefalse
      		high
      wordyfindy.lat
      		unknown
      		unknownfalse
        		high
        slipperyloo.lat
        		unknown
        		unknownfalse
          		high
          curverpluch.lat
          		unknown
          		unknownfalse
            		high
            tentabatte.lat
            		unknown
            		unknownfalse
              		high
              manyrestro.lat
              		unknown
              		unknownfalse
                		high
                bashfulacid.lat
                		unknown
                		unknownfalse
                  		high
                  shapestickyr.lat
                  		unknown
                  		unknownfalse
                    		high
                    observerfry.lat
                    		unknown
                    		unknownfalse
                      		high
                      talkynicer.lat
                      		unknown
                      		unknownfalse
                        		high

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        slipperyloo.latfalse
                          		high
                          curverpluch.latfalse
                            		high
                            tentabatte.latfalse
                              		high
                              manyrestro.latfalse
                                		high
                                bashfulacid.latfalse
                                  		high
                                  observerfry.latfalse
                                    		high
                                    https://steamcommunity.com/profiles/76561199724331900false
                                      		high
                                      wordyfindy.latfalse
                                        		high
                                        shapestickyr.latfalse
                                          		high
                                          talkynicer.latfalse
                                            		high

                                            URLs from Memory and Binaries

                                            NameSourceMaliciousAntivirus DetectionReputation
                                            https://steamcommunity.com/my/wishlist/pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngpTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://player.vimeo.compTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&amp;pTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://steamcommunity.com/?subsection=broadcastspTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://help.steampowered.com/en/pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://steamcommunity.com/market/pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://store.steampowered.com/news/pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://store.steampowered.com/subscriber_agreement/pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://www.gstatic.cn/recaptcha/pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://store.steampowered.com/subscriber_agreement/pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000125E000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.000000000121A000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000126D000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328918775.000000000125D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgpTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000125E000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000126D000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328918775.000000000125D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://recaptcha.net/recaptcha/;pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://www.valvesoftware.com/legal.htmpTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&amp;l=enpTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://steamcommunity.com/discussions/pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://www.youtube.compTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://www.google.compTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://store.steampowered.com/stats/pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&ampTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://medal.tvpTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://broadcast.st.dl.eccdnx.compTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngpTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&amp;l=english&apTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://store.steampowered.com/steam_refunds/pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://bashfulacid.lat:443/apipTM2NWuTvC.exe, 00000000.00000003.1328390044.00000000011D2000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.00000000011D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: malware
                                                                                              		unknown
                                                                                              https://talkynicer.lat/pTM2NWuTvC.exe, 00000000.00000003.1328390044.00000000011E8000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.00000000011E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: malware
                                                                                              		unknown
                                                                                              https://steamcommunity.com/profiles/76561199724331900P$pTM2NWuTvC.exe, 00000000.00000003.1328390044.00000000011E8000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.00000000011E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20FeedbackpTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000125E000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.000000000121A000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328918775.000000000125D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&apTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000125E000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328918775.000000000125D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000125E000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328918775.000000000125D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&amp;l=englpTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbCpTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://s.ytimg.com;pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRipTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000125E000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328918775.000000000125D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://steamcommunity.com/workshop/pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://login.steampowered.com/pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbbpTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&amp;l=english&amp;_cpTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000125E000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000126D000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328918775.000000000125D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&amp;l=english&pTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://store.steampowered.com/legal/pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000125E000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.000000000121A000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000126D000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328918775.000000000125D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://community.fastly.steamstatic.com/pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&amp;l=englipTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://steam.tv/pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&amp;l=enpTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&amp;l=engpTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://community.fastly.steamstatic.com/public/pTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.0000000001262000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://tentabatte.lat:443/apipTM2NWuTvC.exe, 00000000.00000003.1328390044.00000000011D2000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.00000000011D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              • Avira URL Cloud: malware
                                                                                                                                              		unknown
                                                                                                                                              http://store.steampowered.com/privacy_agreement/pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000125E000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000126D000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328918775.000000000125D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://steamcommunity.com:443/profiles/76561199724331900pTM2NWuTvC.exe, 00000000.00000003.1328390044.00000000011D2000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.00000000011D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://store.steampowered.com/points/shop/pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://recaptcha.netpTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://store.steampowered.com/pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://steamcommunity.compTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000125E000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000126D000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328918775.000000000125D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://sketchfab.compTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://lv.queniujq.cnpTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.pngpTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://www.youtube.com/pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://127.0.0.1:27060pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://store.steampowered.com/privacy_agreement/pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://curverpluch.lat:443/apipTM2NWuTvC.exe, 00000000.00000003.1328390044.00000000011D2000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.00000000011D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      • Avira URL Cloud: malware
                                                                                                                                                                      		unknown
                                                                                                                                                                      https://steamcommunity.com/G$pTM2NWuTvC.exe, 00000000.00000003.1328390044.000000000120A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQpTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&amp;l=english&ampTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://www.google.com/recaptcha/pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://checkout.steampowered.com/pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amppTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://slipperyloo.lat:443/apizpTM2NWuTvC.exe, 00000000.00000003.1328390044.00000000011D2000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.00000000011D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                                                                  		unknown
                                                                                                                                                                                  https://help.steampowered.com/pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://api.steampowered.com/pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://store.steampowered.com/points/shoppTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        http://store.steampowered.com/account/cookiepreferences/pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000125E000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.000000000121A000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000126D000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328918775.000000000125D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://store.steampowered.com/mobilepTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://steamcommunity.com/pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.00000000011D2000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.000000000120A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81pTM2NWuTvC.exe, 00000000.00000002.1330265849.000000000125E000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000002.1330047768.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001212000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328918775.000000000125D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://store.steampowered.com/;pTM2NWuTvC.exe, 00000000.00000003.1328390044.0000000001228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://store.steampowered.com/about/pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&amp;lpTM2NWuTvC.exe, 00000000.00000002.1330265849.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328693339.0000000001262000.00000004.00000020.00020000.00000000.sdmp, pTM2NWuTvC.exe, 00000000.00000003.1328365173.0000000001263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high

                                                                                                                                                                                                      World Map of Contacted IPs

                                                                                                                                                                                                      • No. of IPs < 25%
                                                                                                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                                                                                                      • 75% < No. of IPs

                                                                                                                                                                                                      Public IPs

                                                                                                                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                      104.102.49.254
                                                                                                                                                                                                      		steamcommunity.comUnited States
                                                                                                                                                                                                      		16625AKAMAI-ASUSfalse

                                                                                                                                                                                                      General Information

                                                                                                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                      Analysis ID:1580920
                                                                                                                                                                                                      Start date and time:2024-12-26 13:11:06 +01:00
                                                                                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                                                                                      Overall analysis duration:0h 4m 52s
                                                                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                                                                      Report type:full
                                                                                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                      Number of analysed new started processes analysed:12
                                                                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                                                                      Technologies:
                                                                                                                                                                                                      • HCA enabled
                                                                                                                                                                                                      • EGA enabled
                                                                                                                                                                                                      • AMSI enabled
                                                                                                                                                                                                      Analysis Mode:default
                                                                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                                                                      Sample name:pTM2NWuTvC.exe
                                                                                                                                                                                                      renamed because original name is a hash value
                                                                                                                                                                                                      Original Sample Name:6f19c240770b3501ef6870a9906a1c4d.exe
                                                                                                                                                                                                      Detection:MAL
                                                                                                                                                                                                      Classification:mal100.troj.evad.winEXE@1/0@10/1
                                                                                                                                                                                                      EGA Information:
                                                                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                                                                      HCA Information:Failed
                                                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                                                      • Found application associated with file extension: .exe

                                                                                                                                                                                                      Warnings

                                                                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 13.107.246.63, 4.175.87.197
                                                                                                                                                                                                      • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                      • VT rate limit hit for: pTM2NWuTvC.exe

                                                                                                                                                                                                      Simulations

                                                                                                                                                                                                      Behavior and APIs

                                                                                                                                                                                                      TimeTypeDescription
                                                                                                                                                                                                      07:12:01API Interceptor6x Sleep call for process: pTM2NWuTvC.exe modified

                                                                                                                                                                                                      Joe Sandbox View / Context

                                                                                                                                                                                                      IPs

                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                      104.102.49.254r4xiHKy8aM.exeGet hashmaliciousSocks5SystemzBrowse
                                                                                                                                                                                                      • /ISteamUser/GetFriendList/v1/?key=AE2AE4DBF33A541E83BC08989DB1F397&steamid=76561198400860497
                                                                                                                                                                                                      http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                      • www.valvesoftware.com/legal.htm

                                                                                                                                                                                                      Domains

                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                      steamcommunity.comY4svWfRK1L.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      YKri2nEBWE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      0c8cY5GOMh.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      tFDKSN3TdH.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      ghumRvJGY9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      z3IxCpcpg4.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                      GtEVo1eO2p.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                      AiaStwRBdI.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                      HJVzgKyC0y.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                      rUfr2hQGOb.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 23.55.153.106

                                                                                                                                                                                                      ASNs

                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                      AKAMAI-ASUSY4svWfRK1L.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      YKri2nEBWE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      0c8cY5GOMh.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      tFDKSN3TdH.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      ghumRvJGY9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      i8Vwc7iOaG.exeGet hashmaliciousLummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, StormKitty, VidarBrowse
                                                                                                                                                                                                      • 104.121.10.34
                                                                                                                                                                                                      Google Authenticator You're trying to sign in from a new location.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                      • 2.19.198.51
                                                                                                                                                                                                      xd.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                      • 23.41.55.10
                                                                                                                                                                                                      xd.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                      • 23.64.163.184
                                                                                                                                                                                                      xd.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                      • 23.194.143.78

                                                                                                                                                                                                      JA3 Fingerprints

                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                      a0e9f5d64349fb13191bc781f81f42e1DjnwNMDQhC.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      Y4svWfRK1L.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      YKri2nEBWE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      0c8cY5GOMh.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      tFDKSN3TdH.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      ghumRvJGY9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      z3IxCpcpg4.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      GtEVo1eO2p.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      AiaStwRBdI.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      HJVzgKyC0y.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254

                                                                                                                                                                                                      Dropped Files

                                                                                                                                                                                                      No context

                                                                                                                                                                                                      Created / dropped Files

                                                                                                                                                                                                      No created / dropped files found

                                                                                                                                                                                                      Static File Info

                                                                                                                                                                                                      General

                                                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                      Entropy (8bit):7.949932935754334
                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                      File name:pTM2NWuTvC.exe
                                                                                                                                                                                                      File size:1'848'832 bytes
                                                                                                                                                                                                      MD5:6f19c240770b3501ef6870a9906a1c4d
                                                                                                                                                                                                      SHA1:9157131784fe1b8695c599f4bab8b4971fd229be
                                                                                                                                                                                                      SHA256:7947450d51447146e32fff1d85b02695a6359e4d704f314d3065e42f9b7bf82a
                                                                                                                                                                                                      SHA512:232056d6abf47c7b2cd5767969d22a067f8d633d53523856805300f30d75c14423d050a3cad4ba28b3538a734ccb83ec6e1a1a78a7d108014686f7b6f816dcfb
                                                                                                                                                                                                      SSDEEP:24576:JAI4UkWoOP72HpXCYEl8lxnnKmcSyRWivSvej9TYkf0w3Cvn2Slj+pZ0I434DMgY:uNUkgaXCY1N0jHOVlj80I438MjniJ
                                                                                                                                                                                                      TLSH:8685335BB47B38B7CA8D8B7C444F8702A2A4EE2F513A921F404315777AA27C57BB14D8
                                                                                                                                                                                                      File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig..............................H...........@.......................... I...........@.................................Y@..m..

                                                                                                                                                                                                      File Icon

                                                                                                                                                                                                      Icon Hash:90cececece8e8eb0

                                                                                                                                                                                                      Static PE Info

                                                                                                                                                                                                      General

                                                                                                                                                                                                      Entrypoint:0x88f000
                                                                                                                                                                                                      Entrypoint Section:.taggant
                                                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                      DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                      Time Stamp:0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                      OS Version Major:6
                                                                                                                                                                                                      OS Version Minor:0
                                                                                                                                                                                                      File Version Major:6
                                                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                                                      Subsystem Version Major:6
                                                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                                                      Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                                                                                                                                                      Entrypoint Preview

                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                      jmp 00007FA1E9344A6Ah
                                                                                                                                                                                                      unpcklps xmm3, dqword ptr [eax+eax]
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      jmp 00007FA1E9346A65h
                                                                                                                                                                                                      add byte ptr [ebx], al
                                                                                                                                                                                                      or al, byte ptr [eax]
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], dh
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax+eax], ah
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      and dword ptr [eax], eax
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      mov cl, 80h
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      xor byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add al, 00h
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      and al, 00h
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add dword ptr [eax+00000000h], eax
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      adc byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add ecx, dword ptr [edx]
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      xor byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      or al, byte ptr [eax]
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      or al, 80h
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      adc byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add ecx, dword ptr [edx]
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      adc byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      pop es
                                                                                                                                                                                                      or al, byte ptr [eax]
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [edi], al
                                                                                                                                                                                                      add byte ptr [eax], 00000000h
                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                      add byte ptr [eax], al

                                                                                                                                                                                                      Data Directories

                                                                                                                                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x540590x6d.idata
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x530000x1ac.rsrc
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x541f80x8.idata
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                      Sections

                                                                                                                                                                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                      0x10000x520000x26400ac63d945b560f1d9d76e80a4734fba60False0.9994893790849673data7.983348957887643IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                      .rsrc0x530000x1ac0x200c4249243ceaeb236e3ce8ce2ab2c9a69False0.5390625data5.249019796122045IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                      .idata 0x540000x10000x20039a711a7d804ccbc2a14eea65cf3c27eFalse0.154296875data1.0789976601211375IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                      0x550000x29f0000x2000bd1bcdb095f59abea35de5ea9812bd2unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                      fecmjzxm0x2f40000x19a0000x1996009bca7a89e7d1e7755bf127e0eff31948False0.9947453482824428OpenPGP Public Key7.954030950167311IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                      emcirhhj0x48e0000x10000x40036fe60efc1f19863b9a53943c1611e53False0.798828125data6.2745492830912495IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                      .taggant0x48f0000x30000x220063f8ca90cc5d336cc10289cd1c466e24False0.08306525735294118DOS executable (COM)0.9557601573402439IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                                                                                                      Resources

                                                                                                                                                                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                      RT_MANIFEST0x530580x152ASCII text, with CRLF line terminators0.6479289940828402

                                                                                                                                                                                                      Imports

                                                                                                                                                                                                      DLLImport
                                                                                                                                                                                                      kernel32.dlllstrcpy

                                                                                                                                                                                                      Network Behavior

                                                                                                                                                                                                      Suricata IDS Alerts

                                                                                                                                                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                      2024-12-26T13:12:01.646288+01002058514ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat)1192.168.2.10562001.1.1.153UDP
                                                                                                                                                                                                      2024-12-26T13:12:01.795472+01002058502ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat)1192.168.2.10571031.1.1.153UDP
                                                                                                                                                                                                      2024-12-26T13:12:01.943987+01002058492ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat)1192.168.2.10502321.1.1.153UDP
                                                                                                                                                                                                      2024-12-26T13:12:02.085302+01002058500ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat)1192.168.2.10558341.1.1.153UDP
                                                                                                                                                                                                      2024-12-26T13:12:02.225740+01002058510ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat)1192.168.2.10577651.1.1.153UDP
                                                                                                                                                                                                      2024-12-26T13:12:02.378557+01002058484ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat)1192.168.2.10615071.1.1.153UDP
                                                                                                                                                                                                      2024-12-26T13:12:02.522258+01002058512ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat)1192.168.2.10571811.1.1.153UDP
                                                                                                                                                                                                      2024-12-26T13:12:02.671614+01002058480ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat)1192.168.2.10586031.1.1.153UDP
                                                                                                                                                                                                      2024-12-26T13:12:04.452276+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049704104.102.49.254443TCP
                                                                                                                                                                                                      2024-12-26T13:12:05.213624+01002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.1049704104.102.49.254443TCP

                                                                                                                                                                                                      Network Port Distribution

                                                                                                                                                                                                      TCP Packets

                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.973169088 CET49704443192.168.2.10104.102.49.254
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.973234892 CET44349704104.102.49.254192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.973303080 CET49704443192.168.2.10104.102.49.254
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.976142883 CET49704443192.168.2.10104.102.49.254
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.976156950 CET44349704104.102.49.254192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:04.452157021 CET44349704104.102.49.254192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:04.452275991 CET49704443192.168.2.10104.102.49.254
                                                                                                                                                                                                      Dec 26, 2024 13:12:04.455790997 CET49704443192.168.2.10104.102.49.254
                                                                                                                                                                                                      Dec 26, 2024 13:12:04.455802917 CET44349704104.102.49.254192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:04.456012011 CET44349704104.102.49.254192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:04.499705076 CET49704443192.168.2.10104.102.49.254
                                                                                                                                                                                                      Dec 26, 2024 13:12:04.509659052 CET49704443192.168.2.10104.102.49.254
                                                                                                                                                                                                      Dec 26, 2024 13:12:04.555327892 CET44349704104.102.49.254192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:05.213650942 CET44349704104.102.49.254192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:05.213671923 CET44349704104.102.49.254192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:05.213691950 CET44349704104.102.49.254192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:05.213711023 CET44349704104.102.49.254192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:05.213731050 CET44349704104.102.49.254192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:05.213745117 CET49704443192.168.2.10104.102.49.254
                                                                                                                                                                                                      Dec 26, 2024 13:12:05.213774920 CET44349704104.102.49.254192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:05.213824987 CET49704443192.168.2.10104.102.49.254
                                                                                                                                                                                                      Dec 26, 2024 13:12:05.213843107 CET49704443192.168.2.10104.102.49.254
                                                                                                                                                                                                      Dec 26, 2024 13:12:05.409677982 CET44349704104.102.49.254192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:05.409720898 CET44349704104.102.49.254192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:05.409743071 CET49704443192.168.2.10104.102.49.254
                                                                                                                                                                                                      Dec 26, 2024 13:12:05.409801006 CET49704443192.168.2.10104.102.49.254
                                                                                                                                                                                                      Dec 26, 2024 13:12:05.409812927 CET44349704104.102.49.254192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:05.410923958 CET49704443192.168.2.10104.102.49.254
                                                                                                                                                                                                      Dec 26, 2024 13:12:05.410938978 CET44349704104.102.49.254192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:05.410949945 CET49704443192.168.2.10104.102.49.254
                                                                                                                                                                                                      Dec 26, 2024 13:12:05.411108017 CET44349704104.102.49.254192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:05.411155939 CET44349704104.102.49.254192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:05.411206961 CET49704443192.168.2.10104.102.49.254

                                                                                                                                                                                                      UDP Packets

                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                      Dec 26, 2024 13:12:01.501317024 CET5379353192.168.2.101.1.1.1
                                                                                                                                                                                                      Dec 26, 2024 13:12:01.643543005 CET53537931.1.1.1192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:01.646287918 CET5620053192.168.2.101.1.1.1
                                                                                                                                                                                                      Dec 26, 2024 13:12:01.789648056 CET53562001.1.1.1192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:01.795471907 CET5710353192.168.2.101.1.1.1
                                                                                                                                                                                                      Dec 26, 2024 13:12:01.941760063 CET53571031.1.1.1192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:01.943986893 CET5023253192.168.2.101.1.1.1
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.081710100 CET53502321.1.1.1192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.085302114 CET5583453192.168.2.101.1.1.1
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.222259045 CET53558341.1.1.1192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.225739956 CET5776553192.168.2.101.1.1.1
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.370578051 CET53577651.1.1.1192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.378556967 CET6150753192.168.2.101.1.1.1
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.517829895 CET53615071.1.1.1192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.522258043 CET5718153192.168.2.101.1.1.1
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.659940004 CET53571811.1.1.1192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.671613932 CET5860353192.168.2.101.1.1.1
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.811259031 CET53586031.1.1.1192.168.2.10
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.821593046 CET6482053192.168.2.101.1.1.1
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.958506107 CET53648201.1.1.1192.168.2.10

                                                                                                                                                                                                      DNS Queries

                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                      Dec 26, 2024 13:12:01.501317024 CET192.168.2.101.1.1.10xbadbStandard query (0)observerfry.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 26, 2024 13:12:01.646287918 CET192.168.2.101.1.1.10xecedStandard query (0)wordyfindy.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 26, 2024 13:12:01.795471907 CET192.168.2.101.1.1.10x2defStandard query (0)slipperyloo.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 26, 2024 13:12:01.943986893 CET192.168.2.101.1.1.10x67edStandard query (0)manyrestro.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.085302114 CET192.168.2.101.1.1.10x2c16Standard query (0)shapestickyr.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.225739956 CET192.168.2.101.1.1.10x7168Standard query (0)talkynicer.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.378556967 CET192.168.2.101.1.1.10x4f4eStandard query (0)curverpluch.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.522258043 CET192.168.2.101.1.1.10x1ec8Standard query (0)tentabatte.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.671613932 CET192.168.2.101.1.1.10x9204Standard query (0)bashfulacid.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.821593046 CET192.168.2.101.1.1.10xb2f0Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                      DNS Answers

                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                      Dec 26, 2024 13:12:01.643543005 CET1.1.1.1192.168.2.100xbadbName error (3)observerfry.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 26, 2024 13:12:01.789648056 CET1.1.1.1192.168.2.100xecedName error (3)wordyfindy.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 26, 2024 13:12:01.941760063 CET1.1.1.1192.168.2.100x2defName error (3)slipperyloo.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.081710100 CET1.1.1.1192.168.2.100x67edName error (3)manyrestro.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.222259045 CET1.1.1.1192.168.2.100x2c16Name error (3)shapestickyr.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.370578051 CET1.1.1.1192.168.2.100x7168Name error (3)talkynicer.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.517829895 CET1.1.1.1192.168.2.100x4f4eName error (3)curverpluch.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.659940004 CET1.1.1.1192.168.2.100x1ec8Name error (3)tentabatte.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.811259031 CET1.1.1.1192.168.2.100x9204Name error (3)bashfulacid.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 26, 2024 13:12:02.958506107 CET1.1.1.1192.168.2.100xb2f0No error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false

                                                                                                                                                                                                      HTTP Request Dependency Graph

                                                                                                                                                                                                      • steamcommunity.com

                                                                                                                                                                                                      HTTPS Proxied Packets

                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      0192.168.2.1049704104.102.49.2544437912C:\Users\user\Desktop\pTM2NWuTvC.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-12-26 12:12:04 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                      Host: steamcommunity.com
                                                                                                                                                                                                      2024-12-26 12:12:05 UTC1905INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                      Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                      Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                      Date: Thu, 26 Dec 2024 12:12:04 GMT
                                                                                                                                                                                                      Content-Length: 25665
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Set-Cookie: sessionid=d0576a06b1761b2e503d00dc; Path=/; Secure; SameSite=None
                                                                                                                                                                                                      Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                                                                                      2024-12-26 12:12:05 UTC14479INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e
                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
                                                                                                                                                                                                      2024-12-26 12:12:05 UTC11186INData Raw: 3f 6c 3d 6b 6f 72 65 61 6e 61 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 6b 6f 72 65 61 6e 61 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e ed 95 9c ea b5 ad ec 96 b4 20 28 4b 6f 72 65 61 6e 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 74 68 61 69 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 68 61 69 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e0 b9 84 e0 b8 97 e0 b8 a2 20 28 54 68 61 69 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09
                                                                                                                                                                                                      Data Ascii: ?l=koreana" onclick="ChangeLanguage( 'koreana' ); return false;"> (Korean)</a><a class="popup_menu_item tight" href="?l=thai" onclick="ChangeLanguage( 'thai' ); return false;"> (Thai)</a>


                                                                                                                                                                                                      Statistics

                                                                                                                                                                                                      CPU Usage

                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                      Memory Usage

                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                      High Level Behavior Distribution

                                                                                                                                                                                                      Click to dive into process behavior distribution

                                                                                                                                                                                                      System Behavior

                                                                                                                                                                                                      General

                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                      Start time:07:11:57
                                                                                                                                                                                                      Start date:26/12/2024
                                                                                                                                                                                                      Path:C:\Users\user\Desktop\pTM2NWuTvC.exe
                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\pTM2NWuTvC.exe"
                                                                                                                                                                                                      Imagebase:0x420000
                                                                                                                                                                                                      File size:1'848'832 bytes
                                                                                                                                                                                                      MD5 hash:6F19C240770B3501EF6870A9906A1C4D
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                      Disassembly

                                                                                                                                                                                                      Reset < >

                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                        Execution Coverage:0.7%
                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                        Signature Coverage:26.7%
                                                                                                                                                                                                        Total number of Nodes:60
                                                                                                                                                                                                        Total number of Limit Nodes:4
                                                                                                                                                                                                        execution_graph 20366 479845 VirtualAlloc 20367 479857 20366->20367 20367->20367 20368 428600 20372 42860f 20368->20372 20369 428a48 ExitProcess 20370 428a31 20375 45e080 FreeLibrary 20370->20375 20372->20369 20372->20370 20374 42b7b0 FreeLibrary FreeLibrary 20372->20374 20374->20370 20375->20369 20376 45e967 20377 45e980 20376->20377 20377->20377 20380 45e110 LdrInitializeThunk 20377->20380 20379 45e9ef 20380->20379 20381 45e760 20383 45e780 20381->20383 20382 45e7be 20383->20382 20385 45e110 LdrInitializeThunk 20383->20385 20385->20382 20386 479401 VirtualAlloc 20400 42a369 20401 42a430 20400->20401 20401->20401 20404 42b100 20401->20404 20403 42a479 20405 42b190 20404->20405 20405->20405 20407 42b1b5 20405->20407 20408 45e0a0 20405->20408 20407->20403 20409 45e0d4 20408->20409 20410 45e0c0 20408->20410 20411 45e0f3 20408->20411 20412 45e0e8 20408->20412 20414 45e0d9 RtlReAllocateHeap 20409->20414 20410->20409 20410->20411 20415 45c570 20411->20415 20412->20405 20414->20412 20416 45c585 20415->20416 20417 45c583 20415->20417 20418 45c58a RtlFreeHeap 20416->20418 20417->20412 20418->20412 20419 45ea29 20420 45ea50 20419->20420 20422 45ea8e 20420->20422 20426 45e110 LdrInitializeThunk 20420->20426 20425 45e110 LdrInitializeThunk 20422->20425 20424 45eb59 20425->20424 20426->20422 20427 45eb88 20428 45eba0 20427->20428 20431 45ebde 20428->20431 20434 45e110 LdrInitializeThunk 20428->20434 20429 45ec4e 20431->20429 20433 45e110 LdrInitializeThunk 20431->20433 20433->20429 20434->20431 20435 429eb7 20438 45fe00 20435->20438 20437 429ec7 WSAStartup 20439 45fe20 20438->20439 20439->20437 20439->20439 20440 45c55c RtlAllocateHeap 20446 45679f 20448 4567bc 20446->20448 20449 45682d 20448->20449 20450 45e110 LdrInitializeThunk 20448->20450 20450->20448 20451 429d1e 20452 429d40 20451->20452 20452->20452 20453 429d94 LoadLibraryExW 20452->20453 20454 429da5 20453->20454 20455 429e74 LoadLibraryExW 20454->20455 20456 429e85 20455->20456

                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                        Function 0042B100 Relevance: 19.2, Strings: 15, Instructions: 425COMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 0 42b100-42b18b 1 42b190-42b199 0->1 1->1 2 42b19b-42b1ae 1->2 4 42b4f6-42b4fd 2->4 5 42b414-42b4b7 call 427e30 2->5 6 42b4e4-42b4ef 2->6 7 42b1b5-42b1b7 2->7 8 42b40b-42b40f 2->8 9 42b4be-42b4c7 2->9 10 42b52f-42b538 2->10 11 42b1bc-42b3db 2->11 38 42b572-42b592 4->38 5->4 5->6 5->9 5->10 19 42b782 5->19 20 42b5e3-42b5f0 5->20 21 42b623-42b62f 5->21 22 42b780 5->22 23 42b647-42b657 5->23 24 42b748-42b76d 5->24 25 42b789 5->25 26 42b689-42b697 5->26 27 42b76f 5->27 28 42b66f-42b687 call 45fe00 5->28 29 42b792-42b79a 5->29 30 42b6f0-42b6f1 5->30 31 42b610-42b61e 5->31 32 42b717-42b732 call 45e0a0 5->32 33 42b5f7-42b60e call 45fe00 5->33 34 42b65e-42b668 5->34 35 42b6fe-42b710 5->35 36 42b79f 5->36 37 42b69c-42b6b1 5->37 6->4 6->10 6->19 6->20 6->21 6->22 6->23 6->24 6->25 6->26 6->27 6->28 6->29 6->30 6->31 6->32 6->33 6->34 6->35 6->36 6->37 12 42b6df-42b6e6 7->12 15 42b6d3-42b6dc 8->15 17 42b4ce-42b4df 9->17 18 42b4ff-42b52a call 45fe00 9->18 14 42b540-42b56a 10->14 13 42b3e0-42b3eb 11->13 13->13 41 42b3ed-42b3f8 13->41 14->14 46 42b56c-42b56f 14->46 15->12 44 42b6c6 17->44 18->44 19->25 20->31 20->33 57 42b636-42b640 21->57 23->19 23->22 23->24 23->25 23->26 23->27 23->28 23->29 23->30 23->31 23->32 23->33 23->34 23->35 23->36 23->37 42 42b774-42b77a 24->42 25->29 39 42b7a2-42b7a9 26->39 27->42 28->26 29->30 53 42b6f8 30->53 49 42b6ba-42b6bd 31->49 55 42b737-42b741 32->55 33->31 34->26 34->28 34->31 34->33 35->19 35->22 35->24 35->25 35->26 35->27 35->28 35->31 35->32 35->33 35->36 36->39 37->49 47 42b5a0-42b5bd 38->47 39->49 62 42b3fb-42b404 41->62 42->22 61 42b6cd-42b6d0 44->61 46->38 47->47 52 42b5bf-42b5dc 47->52 49->44 52->19 52->20 52->21 52->22 52->23 52->24 52->25 52->26 52->27 52->28 52->29 52->30 52->31 52->32 52->33 52->34 52->35 52->36 52->37 53->35 55->19 55->22 55->24 55->25 55->26 55->27 55->28 55->31 55->33 55->36 57->19 57->22 57->23 57->24 57->25 57->26 57->27 57->28 57->29 57->30 57->31 57->32 57->33 57->34 57->35 57->36 57->37 61->15 62->4 62->5 62->6 62->8 62->9 62->10 62->19 62->20 62->21 62->22 62->23 62->24 62->25 62->26 62->27 62->28 62->29 62->30 62->31 62->32 62->33 62->34 62->35 62->36 62->37
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: (Y6[$.AtC$9]_$D!M#$Gq\s$Gu@w$S%U'$XyR{$Ym]o$b6j4$hI2K$k=W?$pE}G$yQrS$zMzO
                                                                                                                                                                                                        • API String ID: 0-620192811
                                                                                                                                                                                                        • Opcode ID: 57e5e1fa7c8ef942603a43dc8b6be25909d26e3c2ab9ad172ca37380bcb24ab5
                                                                                                                                                                                                        • Instruction ID: 038a07b60fe7bda9f51de75ff41e443b2f0e2aa28a511f01aa2fa1a314e95e33
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 57e5e1fa7c8ef942603a43dc8b6be25909d26e3c2ab9ad172ca37380bcb24ab5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3F0265B0200B01DFD324CF25E891B97BBE1FB45314F408A2DD4AB8BAA0D774A455CF96
                                                                                                                                                                                                        Function 00428600 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 356COMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 74 428600-428611 call 45d9a0 77 428617-42861e call 4562a0 74->77 78 428a48-428a4f ExitProcess 74->78 81 428a31-428a38 77->81 82 428624-42864a 77->82 83 428a43 call 45e080 81->83 84 428a3a-428a40 call 427f60 81->84 90 428650-42887f 82->90 91 42864c-42864e 82->91 83->78 84->83 93 428880-4288ce 90->93 91->90 93->93 94 4288d0-42891d call 45c540 93->94 97 428920-428943 94->97 98 428964-42897c 97->98 99 428945-428962 97->99 101 428982-428a0b 98->101 102 428a0d-428a1b call 429d00 98->102 99->97 101->102 104 428a20-428a25 102->104 104->81 105 428a27-428a2c call 42cb90 call 42b7b0 104->105 105->81
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • ExitProcess.KERNEL32(00000000), ref: 00428A4A
                                                                                                                                                                                                          • Part of subcall function 0042B7B0: FreeLibrary.KERNEL32(00428A31), ref: 0042B7B6
                                                                                                                                                                                                          • Part of subcall function 0042B7B0: FreeLibrary.KERNEL32 ref: 0042B7D7
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FreeLibrary$ExitProcess
                                                                                                                                                                                                        • String ID: b]u)$}$}
                                                                                                                                                                                                        • API String ID: 1614911148-2900034282
                                                                                                                                                                                                        • Opcode ID: 786f7c57b25500b0a54f7cf0a1846d2b53ef164f92619b5c0e9c17c301cb1182
                                                                                                                                                                                                        • Instruction ID: 81491bd26c2d0438af620903a2530d71300b76064c55538163bf7286dafa6768
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 786f7c57b25500b0a54f7cf0a1846d2b53ef164f92619b5c0e9c17c301cb1182
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3FC1F773B187244BC718DF69D84125AF7D6ABC8710F0EC52EA898EB355EA74DC048BC6
                                                                                                                                                                                                        Function 0045E110 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 170 45e110-45e142 LdrInitializeThunk
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LdrInitializeThunk.NTDLL(0046148A,?,00000018,?,?,00000018,?,?,?), ref: 0045E13E
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                        • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
                                                                                                                                                                                                        Function 00461720 Relevance: 1.4, Strings: 1, Instructions: 158COMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 172 461720-461741 173 461750-46176b 172->173 173->173 174 46176d-461779 173->174 175 4617e0-4617e5 174->175 176 46177b-461785 174->176 177 4617eb-4617ff 175->177 178 461879-46187b 175->178 179 461790-461797 176->179 182 461800-46181b 177->182 180 46188d-461894 178->180 181 46187d-461884 178->181 183 4617ad-4617b5 179->183 184 461799-4617a7 179->184 187 461886 181->187 188 46188a 181->188 182->182 189 46181d-461828 182->189 183->175 186 4617b7-4617d8 call 45e110 183->186 184->179 185 4617a9-4617ab 184->185 185->175 194 4617dd 186->194 187->188 188->180 191 461871-461873 189->191 192 46182a-461832 189->192 191->178 193 461875 191->193 195 461840-461847 192->195 193->178 194->175 196 461850-461856 195->196 197 461849-46184c 195->197 196->191 199 461858-46186e call 45e110 196->199 197->195 198 46184e 197->198 198->191 199->191
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID: =<32
                                                                                                                                                                                                        • API String ID: 2994545307-852023076
                                                                                                                                                                                                        • Opcode ID: d371e331885cb0b3df943df81ad998a5037b29b08c8be59fa4e0f29fefbdbe8d
                                                                                                                                                                                                        • Instruction ID: 5f40f37771cc8b7d698863d74063113877d8e1fb973d449c297e445f866faf43
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d371e331885cb0b3df943df81ad998a5037b29b08c8be59fa4e0f29fefbdbe8d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A3125386043045BE714AA14DC91B3FB3A5EB84750F1C852EE585973B1F678DC50878B
                                                                                                                                                                                                        Function 00429D1E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 142libraryCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 109 429d1e-429d34 110 429d40-429d52 109->110 110->110 111 429d54-429d7e 110->111 112 429d80-429d92 111->112 112->112 113 429d94-429e13 LoadLibraryExW call 45d960 112->113 116 429e20-429e32 113->116 116->116 117 429e34-429e5e 116->117 118 429e60-429e72 117->118 118->118 119 429e74-429e80 LoadLibraryExW call 45d960 118->119 121 429e85-429e98 119->121
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000), ref: 00429D98
                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000), ref: 00429E78
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                                                                                        • String ID: CKK
                                                                                                                                                                                                        • API String ID: 1029625771-2132730973
                                                                                                                                                                                                        • Opcode ID: 8b3e23ad15dd28f34d2159559a873dc153cfdc61eedc4d3064cb2ccc585830fc
                                                                                                                                                                                                        • Instruction ID: 4d8c785e6aa6be3f8d5e92e72935ae3d5e13510346f1881b487a0a2d1a5f084b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8b3e23ad15dd28f34d2159559a873dc153cfdc61eedc4d3064cb2ccc585830fc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 874101B4E003009FE7149F7899D2A9A7F71FB06324F51529DD4902F3A6C635980ACBE6
                                                                                                                                                                                                        Function 0045E0A0 Relevance: 1.5, APIs: 1, Instructions: 31memoryCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 149 45e0a0-45e0b1 150 45e0d4-45e0e6 call 45f990 RtlReAllocateHeap 149->150 151 45e0c6-45e0cd 149->151 152 45e0c0 149->152 153 45e0f3-45e0f4 call 45c570 149->153 154 45e0e8-45e0f1 call 45c540 149->154 161 45e0fe-45e100 150->161 151->150 151->153 152->151 160 45e0f9-45e0fc 153->160 154->161 160->161
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RtlReAllocateHeap.NTDLL(?,00000000), ref: 0045E0E0
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                                                        • Opcode ID: 1b9e81e08b2f7ed4d31dabc81138f46d4ca6bbf4e0e12e8a1bca24932367d798
                                                                                                                                                                                                        • Instruction ID: 4fa524443124ff2012422fca009273271e83c2c21b141cc34ea30b4cbe77372c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1b9e81e08b2f7ed4d31dabc81138f46d4ca6bbf4e0e12e8a1bca24932367d798
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B4F0A771424221FBC2502F257D05A5736A8EFC2711F05043AF80457152EAB8DC1AC59B
                                                                                                                                                                                                        Function 00429EB7 Relevance: 1.5, APIs: 1, Instructions: 18networkCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 162 429eb7-429ef7 call 45fe00 WSAStartup
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • WSAStartup.WS2_32(00000202,?), ref: 00429ED2
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Startup
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 724789610-0
                                                                                                                                                                                                        • Opcode ID: f6f52d7c7921c3d2bf8e514be6bef462918e8e6ac96c55f08de63776d1c8ba69
                                                                                                                                                                                                        • Instruction ID: 76f6c5ba5425f2bd86da72b40cca641680041f40c04d41a12c055b7bccc0b4f2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f6f52d7c7921c3d2bf8e514be6bef462918e8e6ac96c55f08de63776d1c8ba69
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5BE02B336806029BD700DB30FC57E493356EB15346B058439E905D2272FAB3D4249E16
                                                                                                                                                                                                        Function 0045C570 Relevance: 1.5, APIs: 1, Instructions: 15memoryCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 165 45c570-45c57c 166 45c585-45c597 call 45f990 RtlFreeHeap 165->166 167 45c583-45c584 165->167
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RtlFreeHeap.NTDLL(?,00000000,?,0045E0F9), ref: 0045C590
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FreeHeap
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3298025750-0
                                                                                                                                                                                                        • Opcode ID: 735e11465b09100f32dbe1bcb82052b0c1d1eec1b4857ab8636ea32c6eff6bae
                                                                                                                                                                                                        • Instruction ID: 69798da79e9d42de9a2d2d0ab16b125a83c41a49fbda6ea65e51913c2c82cdf9
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 735e11465b09100f32dbe1bcb82052b0c1d1eec1b4857ab8636ea32c6eff6bae
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 28D0C931415622EBC6102F28BD05BC73B589F49221F0708A2F4046A075D6A4EC95CAD9
                                                                                                                                                                                                        Function 0045C55C Relevance: 1.5, APIs: 1, Instructions: 5memoryCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 171 45c55c-45c568 RtlAllocateHeap
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RtlAllocateHeap.NTDLL(?,00000000), ref: 0045C561
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                                                        • Opcode ID: 1c8905cc43efc8a8610c338aee59e83e667b4984866343ab1a72ee231cefc2fe
                                                                                                                                                                                                        • Instruction ID: 6dac80e061e2b829e43dbe717d167ad82f22c77cf94972fa4916a363889a6d1f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1c8905cc43efc8a8610c338aee59e83e667b4984866343ab1a72ee231cefc2fe
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0FA00271184110DFDA562F24FE09FC47B61EB58721F1341A2F105590F6C7B1DCD2DA88
                                                                                                                                                                                                        Function 00479401 Relevance: 1.3, APIs: 1, Instructions: 16memoryCOMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000), ref: 00479418
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                                                                                        • Opcode ID: 570c24fc90c93117cede09b7d909a13eb06fe20e16ea76cf9c68b5fdada1355a
                                                                                                                                                                                                        • Instruction ID: a3aacfdff981b1e5bfa45fe3d90f83324dd21fb9f17812a861ea129ef77e5fa3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 570c24fc90c93117cede09b7d909a13eb06fe20e16ea76cf9c68b5fdada1355a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 62D09EB5508108EFE7115F14D805BBFBBA8EB49711F14451AEE8482650D3770C319A5B
                                                                                                                                                                                                        Function 00479845 Relevance: 1.3, APIs: 1, Instructions: 8memoryCOMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                                                                                        • Opcode ID: c263f37c79e49928d35b0af9c9f7f2c10f587aaeb6d25acb5e195e73e917467a
                                                                                                                                                                                                        • Instruction ID: 49e3887d798a58d48a7df99123e6faeafa09d3f13c7e055ca02467ea8d49a920
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c263f37c79e49928d35b0af9c9f7f2c10f587aaeb6d25acb5e195e73e917467a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 94C0027944810E8B9F00DF74840C2DF3A61FE15321B684613AC26C1A80DB7A8C32DB5E

                                                                                                                                                                                                        Non-executed Functions

                                                                                                                                                                                                        Function 004442D0 Relevance: 43.1, APIs: 2, Strings: 22, Instructions: 1129COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 004443AA
                                                                                                                                                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 0044443E
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                        • String ID: +$e$+$e$ n l$%r?p$<j:h$=:$DD$N~4|$RED$Xs$bFD$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
                                                                                                                                                                                                        • API String ID: 237503144-3942586377
                                                                                                                                                                                                        • Opcode ID: 81d61c40109072e7554bba1e4df1235f4d5236687136f095942819e3b432ffc6
                                                                                                                                                                                                        • Instruction ID: 8a07bbe76d8a9a642f7bf8582c1287235dce49a33cde7a4b5187338381e7e18f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 81d61c40109072e7554bba1e4df1235f4d5236687136f095942819e3b432ffc6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DEC20CB560C3848AE334CF14D4527DFBAF2FB82304F00892DD5E96B255D7B5864A8B9B
                                                                                                                                                                                                        Function 00444560 Relevance: 39.6, APIs: 1, Strings: 21, Instructions: 1081COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: +$e$ n l$%r?p$<j:h$=:$DD$N~4|$RED$Xs$bFD$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
                                                                                                                                                                                                        • API String ID: 0-2005840562
                                                                                                                                                                                                        • Opcode ID: 1b24eb677f97e602a99fe51ca8b2c9203aae32072e65a66629f21764c9be352c
                                                                                                                                                                                                        • Instruction ID: 4c7f922e237b8a9f8686cbdbbf826aa9cd79142e45594fef6a96dc436072cc5f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1b24eb677f97e602a99fe51ca8b2c9203aae32072e65a66629f21764c9be352c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0EC20CB560C3848AE334CF54C852BDFBAF2FB82304F00892DD5E96B255D7B546498B9B
                                                                                                                                                                                                        Function 00459280 Relevance: 18.2, APIs: 2, Strings: 8, Instructions: 661COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FreeString
                                                                                                                                                                                                        • String ID: :;$%$=hn$Jtuj$O^$SB$b{tu$gd$t"j
                                                                                                                                                                                                        • API String ID: 3341692771-1335595022
                                                                                                                                                                                                        • Opcode ID: b1a9dd20c68edc439d8f48b8b1fd570fbe2371c8a67cbd74802214c9c252e5d0
                                                                                                                                                                                                        • Instruction ID: 64ba7b3c65003aa5de1ed601491f75fc607780bb575426066c03f08ec4f1e178
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b1a9dd20c68edc439d8f48b8b1fd570fbe2371c8a67cbd74802214c9c252e5d0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 02222472A183419BD310CF24C881B5BBBE2EFC5314F18892DE9949B391D779DC45CB86
                                                                                                                                                                                                        Function 004360E9 Relevance: 17.1, Strings: 13, Instructions: 807COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: *,-"$3F&D$JyTK$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$L4$L4
                                                                                                                                                                                                        • API String ID: 0-2746398225
                                                                                                                                                                                                        • Opcode ID: 19b60592f718415bc2c6cbd469bfd3edb4e7203e9fe92aa8a629f9e2bf65f2b7
                                                                                                                                                                                                        • Instruction ID: 5acf1fa00c2cd2e6faad4f7efbd2b6a9917f5deed6bcfc23e46d3faee26fdc81
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 19b60592f718415bc2c6cbd469bfd3edb4e7203e9fe92aa8a629f9e2bf65f2b7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0D4224B26082519FC7248F28D8817ABB7E2BFD9314F1A893DD4D987355E7389805CB47
                                                                                                                                                                                                        Function 00431227 Relevance: 16.5, APIs: 1, Strings: 8, Instructions: 750COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: )$+$>$@$F$L$[$`
                                                                                                                                                                                                        • API String ID: 0-4163809010
                                                                                                                                                                                                        • Opcode ID: f3f648b48b053aba6393f5556d81eef80cbc6d5c4593ef0b430f6ab9685a1228
                                                                                                                                                                                                        • Instruction ID: 0483cc24152122a589b7c93f6c1690df7bcd9dd94eb0644bc77ffb6c82124cdb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f3f648b48b053aba6393f5556d81eef80cbc6d5c4593ef0b430f6ab9685a1228
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B952B17260C7908BD3249B38C5953AFBBE1AFD9324F198A2ED4D9C73D1D63889418B47
                                                                                                                                                                                                        Function 005E54EE Relevance: 11.6, Strings: 8, Instructions: 1620COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: @=W$A>1$Dr*N$FmU$g4{5$u`$y7;w$y7;w
                                                                                                                                                                                                        • API String ID: 0-2463144333
                                                                                                                                                                                                        • Opcode ID: 247b4cd5cf1c29f5807a3b01c4294fda949aa469bd055badf29a46469d7cb987
                                                                                                                                                                                                        • Instruction ID: 5118d46c52bd911630f4540c7705472d52db25f01ad16c461d5fb66af046e31f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 247b4cd5cf1c29f5807a3b01c4294fda949aa469bd055badf29a46469d7cb987
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 24B205F3A0C204AFE7046E29EC8577AFBE9EF94720F1A453DEAC483744E63558058697
                                                                                                                                                                                                        Function 0043747D Relevance: 10.0, APIs: 4, Strings: 1, Instructions: 1238COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: _^]\
                                                                                                                                                                                                        • API String ID: 0-3116432788
                                                                                                                                                                                                        • Opcode ID: 57bb40588b55dc3234279f7be09e92af4779cca33ccc89cb1656a4a3bbdd8ede
                                                                                                                                                                                                        • Instruction ID: 0833bd0ef97263e8a68bd50262b98f23d99c5887a6a7184f52d9d854056a0f80
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 57bb40588b55dc3234279f7be09e92af4779cca33ccc89cb1656a4a3bbdd8ede
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9C8245B15083518BC724CF28C8917ABB7E1FFC9324F199A6DE8D5973A5E7388805CB46
                                                                                                                                                                                                        Function 00429310 Relevance: 9.2, Strings: 7, Instructions: 431COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: ;"I$,6.2$A$FM$PTvu$WAg.$cbrn
                                                                                                                                                                                                        • API String ID: 0-3116088196
                                                                                                                                                                                                        • Opcode ID: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
                                                                                                                                                                                                        • Instruction ID: 3dff5ae080967e1a1ba7175ff921a8ea9b3351024616b0a02748ee7b8212dc71
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C6C1257260C3D58BD322CF69A4A035BFFD19FD6200F484AADE4D51B386D2798D0AC796
                                                                                                                                                                                                        Function 005E032E Relevance: 9.1, Strings: 6, Instructions: 1636COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: 3o" $4.~$7o[$9R~'$_4]:$_4]:
                                                                                                                                                                                                        • API String ID: 0-3374602327
                                                                                                                                                                                                        • Opcode ID: fd21322e08dae971d7df5a6576866878932cfe1d2c259a8b774c1bb463670714
                                                                                                                                                                                                        • Instruction ID: 9366b6c7a7783544a7b3c5fc3aba77f5012f2cf0767f0a6542b79956f9a4a218
                                                                                                                                                                                                        • Opcode Fuzzy Hash: fd21322e08dae971d7df5a6576866878932cfe1d2c259a8b774c1bb463670714
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 74B217F3A0C2049FE304AE2DDC8567ABBE9EF94720F16893DEAC5C7744E63558018796
                                                                                                                                                                                                        Function 004481CC Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 593COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 004484BD
                                                                                                                                                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 004485B4
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                        • String ID: LF7Y$_^]\
                                                                                                                                                                                                        • API String ID: 237503144-3688711800
                                                                                                                                                                                                        • Opcode ID: 094854fd86b84ae5cbade05a93af1ddeaa7373cffb9421fa14428f26c04b0948
                                                                                                                                                                                                        • Instruction ID: d93182f02152705ff5786b0bb910c8fd28492e99901a8d506e2c78db339fd9c3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 094854fd86b84ae5cbade05a93af1ddeaa7373cffb9421fa14428f26c04b0948
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D9221071A0C341CFE3248F28D88072FBBE1BF89314F194A6DE995573A1E7789901CB5A
                                                                                                                                                                                                        Function 004483D8 Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 542COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 004484BD
                                                                                                                                                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 004485B4
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                        • String ID: LF7Y$_^]\
                                                                                                                                                                                                        • API String ID: 237503144-3688711800
                                                                                                                                                                                                        • Opcode ID: 1cc91f6fbdfe226c6d872bb8ec162e5813f53dc66b9c45b821be1670e5e9bb41
                                                                                                                                                                                                        • Instruction ID: eab387c2d7bea2866450e9e60db72744e1dfbdd3cc5f59225155b92ddbf0f75d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1cc91f6fbdfe226c6d872bb8ec162e5813f53dc66b9c45b821be1670e5e9bb41
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F612007190C341CFE3249F28D88072FBBE1BF89314F194A6DE999573A1E7789901CB5A
                                                                                                                                                                                                        Function 004424E0 Relevance: 6.6, Strings: 5, Instructions: 304COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: "_,Y$.[TU$;GsA$=K0E$pCj]
                                                                                                                                                                                                        • API String ID: 0-1171452581
                                                                                                                                                                                                        • Opcode ID: ca4b75fe4637fd977568c215151556eb56cdab39f720016307850ce7399e628f
                                                                                                                                                                                                        • Instruction ID: c4347121b27b979c5117b2fdb377677bdf51c83bffc9e4f78bb0461b2aecda2d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ca4b75fe4637fd977568c215151556eb56cdab39f720016307850ce7399e628f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 159148716083009BE710DF24C991B67B7F4EF85358F15842DF8898B382E3B8D906C76A
                                                                                                                                                                                                        Function 00438169 Relevance: 6.5, Strings: 5, Instructions: 299COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: 2h?n$7$SP$^`/4$gfff
                                                                                                                                                                                                        • API String ID: 0-3257051659
                                                                                                                                                                                                        • Opcode ID: f7bf2b2f01792a6dad023b1676cf015b0678d11aef0348677161a9e42f8e455d
                                                                                                                                                                                                        • Instruction ID: 7be145d5a9aea0837529d7b36f8fcaa599a81e0866b33de5c35cba7943116206
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f7bf2b2f01792a6dad023b1676cf015b0678d11aef0348677161a9e42f8e455d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 57A149B2A143104BD314CF28D8517AFF7D2FBC4318F59993EE885D7391EA3889028B86
                                                                                                                                                                                                        Function 00441340 Relevance: 5.5, Strings: 4, Instructions: 493COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: 9deZ$eb$sp${s
                                                                                                                                                                                                        • API String ID: 0-3993331145
                                                                                                                                                                                                        • Opcode ID: 5856b06241a5d8e355271cf88634ef41c5b1cbf76a03d1922fa8c3cff6fed856
                                                                                                                                                                                                        • Instruction ID: b5892dd08d14e864988ddb50456ee0af8763e57d8e128396cac208d843ddc4a5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5856b06241a5d8e355271cf88634ef41c5b1cbf76a03d1922fa8c3cff6fed856
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DED114B12183048BD728DF24C8A166BB7F2FFD1354F088A1DE4968B3A0E778D944C796
                                                                                                                                                                                                        Function 004491AE Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 186COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 004491DA
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                        • String ID: +Ku$wpq
                                                                                                                                                                                                        • API String ID: 237503144-1953850642
                                                                                                                                                                                                        • Opcode ID: 3981dca716d100c8efd922f49be0748428c408fd7d06b44991e38c6eddf91b45
                                                                                                                                                                                                        • Instruction ID: 3530032caefdac6afb286023f87bcebb9137b2c8a50e395767e34339c03bd34e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3981dca716d100c8efd922f49be0748428c408fd7d06b44991e38c6eddf91b45
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B451CE7221C3118FD324CF29984076FB7E2EBC5314F55892EE4E9CB285DB74D50A8B92
                                                                                                                                                                                                        Function 004490D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 00449170
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                        • String ID: M/($M/(
                                                                                                                                                                                                        • API String ID: 237503144-1710806632
                                                                                                                                                                                                        • Opcode ID: 545a2fda0cb0fd564398fec523fc33986833c0e61855ab722e8a7351421e0dd6
                                                                                                                                                                                                        • Instruction ID: e619f7bfde7935c566b2556d723a939036c6f25b168071f63d1259cb3a398e9f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 545a2fda0cb0fd564398fec523fc33986833c0e61855ab722e8a7351421e0dd6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5321237165C3615FE714CE34988279FB7AAEBC6704F01892CE0D1EB2C5D679880BC756
                                                                                                                                                                                                        Function 0053D490 Relevance: 4.3, Strings: 3, Instructions: 501COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: (4]M$VsNY$|"Fj
                                                                                                                                                                                                        • API String ID: 0-687843599
                                                                                                                                                                                                        • Opcode ID: f14a50536053a65b1fa9db57bc912e1e95c200591e5e9a4769b5bd6b56f5c4fb
                                                                                                                                                                                                        • Instruction ID: d4f000c740e4f122a7ab9f4b0165f50071f002f70df39565d5a8f01f10badb1a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f14a50536053a65b1fa9db57bc912e1e95c200591e5e9a4769b5bd6b56f5c4fb
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C3F112B3F002184BF3545939DC98366B692DBD1324F2B423CDB98AB7C5E97E5D0A4285
                                                                                                                                                                                                        Function 0044A0CA Relevance: 4.1, Strings: 3, Instructions: 336COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: .txt$<\hX$_^]\
                                                                                                                                                                                                        • API String ID: 0-3117400391
                                                                                                                                                                                                        • Opcode ID: ad978f8745059e704becf62875d147ff319bd0903130e4a69e0b0cf17d96216f
                                                                                                                                                                                                        • Instruction ID: 5a326d12ae5bef770390258695ca93fe5f9326250336f665c1776cb2ed55497a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ad978f8745059e704becf62875d147ff319bd0903130e4a69e0b0cf17d96216f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 88C1237160C340DFE704DF28D84162BBBE2AF85318F088AADF495473A2E7799955CB1B
                                                                                                                                                                                                        Function 0043D003 Relevance: 3.4, Strings: 2, Instructions: 883COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: [V$bh
                                                                                                                                                                                                        • API String ID: 0-2174178241
                                                                                                                                                                                                        • Opcode ID: 0af36ab36b0cd6c90c49e42576b287b67cf5f54e1395f88c863320f37b6ae662
                                                                                                                                                                                                        • Instruction ID: 35ca063f174c3ea7317ac55a0fb1d3ae91f24e953fbb327c9118428ea0c2e657
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0af36ab36b0cd6c90c49e42576b287b67cf5f54e1395f88c863320f37b6ae662
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4E324AB1E01711CBCB24CF29C8926B7B7B1FF99310F18925DD8969B394E738A841CB95
                                                                                                                                                                                                        Function 0049219E Relevance: 3.0, Strings: 2, Instructions: 492COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: u_o$!o
                                                                                                                                                                                                        • API String ID: 0-3756464558
                                                                                                                                                                                                        • Opcode ID: 19e6e8ab344c02e87a316820409e8b794283af2341e4de267f76ff1eab7335af
                                                                                                                                                                                                        • Instruction ID: d6d37466c95f530e83ece8c7cda250009ad3c3bd07c20c637c8cf4f3adae7b3d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 19e6e8ab344c02e87a316820409e8b794283af2341e4de267f76ff1eab7335af
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1CF1E2F3F106244BF3184979DC983667682EBE5320F2F82389F99A77C5E87E5D064284
                                                                                                                                                                                                        Function 004F92AA Relevance: 3.0, Strings: 2, Instructions: 476COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: SA{$Yn?[
                                                                                                                                                                                                        • API String ID: 0-1440199298
                                                                                                                                                                                                        • Opcode ID: c1355e900f9effc26cf210565ccb23b0a4a453a8352481d95eb4220e50f7eb65
                                                                                                                                                                                                        • Instruction ID: af33d5d107ef3c085ad3f4e612086e2adfcfb2d236cfbac86d35021f2e2ad6c3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c1355e900f9effc26cf210565ccb23b0a4a453a8352481d95eb4220e50f7eb65
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CDF10EF3F142244BF3045D2DDC98366B696EBD4320F2B823D9B88977C4E97EAC058285
                                                                                                                                                                                                        Function 004F4257 Relevance: 2.8, Strings: 2, Instructions: 338COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: ?=I{$Z
                                                                                                                                                                                                        • API String ID: 0-3652297126
                                                                                                                                                                                                        • Opcode ID: 48451e4c9908256072bc50ec79f60c2df9f6d1c5b19e293d4cd0734f1e6a29bd
                                                                                                                                                                                                        • Instruction ID: 650b1ca1d40f2e29e438be3b85b6ba1b2d3e9ddf65a60ba2bac7e007969cd9b2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 48451e4c9908256072bc50ec79f60c2df9f6d1c5b19e293d4cd0734f1e6a29bd
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FFB179F3F2262547F3444829CC583A265839BE5320F3F42788A5DAB7C6DDBE9D0A5384
                                                                                                                                                                                                        Function 00424270 Relevance: 2.8, Strings: 2, Instructions: 329COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: )$IEND
                                                                                                                                                                                                        • API String ID: 0-707183367
                                                                                                                                                                                                        • Opcode ID: 6f5d64a8f32c29cec208218647fb36937d94f4439433fc909e46ee31e786eef1
                                                                                                                                                                                                        • Instruction ID: 55fb5cf9414bb9558339a15352a0f1c3069be297ae3889a847fd8d58c5596439
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6f5d64a8f32c29cec208218647fb36937d94f4439433fc909e46ee31e786eef1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2CD1C171A083549FD720CF14E841B5FBBE4EB94308F54492EF9999B382D379E908CB96
                                                                                                                                                                                                        Function 0042D4F3 Relevance: 2.8, Strings: 2, Instructions: 295COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: Fm$V]
                                                                                                                                                                                                        • API String ID: 0-2730126902
                                                                                                                                                                                                        • Opcode ID: 4d57d4a5f6abadfedbb1135c7d744eab4f4036ec23af2d695ea2b90838cd0c8a
                                                                                                                                                                                                        • Instruction ID: 80160554f18f5a296fc452d241c7e1fe11a7ac7e59ed4192e789c7c55b1e5eb7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4d57d4a5f6abadfedbb1135c7d744eab4f4036ec23af2d695ea2b90838cd0c8a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 319111B62457508FD325CF29D880652BFA2EFD631876D86ADC0954F326C37AE807CB94
                                                                                                                                                                                                        Function 004AB1D8 Relevance: 1.7, Strings: 1, Instructions: 462COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: 1?:U
                                                                                                                                                                                                        • API String ID: 0-2018285943
                                                                                                                                                                                                        • Opcode ID: 565c8750ecd5e232628c48bb98dedf30376119de52809b58c16ded444423943c
                                                                                                                                                                                                        • Instruction ID: f56d7f5845a9c080b8a0899dca72b29b2d4ac3662bd7c2ef9f8eabfab0a428f1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 565c8750ecd5e232628c48bb98dedf30376119de52809b58c16ded444423943c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FCE1A0B3F146104BF3044E29DC85366B6D6EBD4320F2A853DDA88DB7C9D97E9C0A8785
                                                                                                                                                                                                        Function 0044D17D Relevance: 1.7, APIs: 1, Instructions: 152COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(1A11171A), ref: 0044D2A4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FreeLibrary
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3664257935-0
                                                                                                                                                                                                        • Opcode ID: 7a963660f1cf66f411293cbd55ee5b11c8dcbb1e61ed1fe3cb337a2fe4d074e9
                                                                                                                                                                                                        • Instruction ID: 2ecee4ea2a12e7a50de2e46879dd407d5e2eb4eff4ff288420aa515fef83133b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7a963660f1cf66f411293cbd55ee5b11c8dcbb1e61ed1fe3cb337a2fe4d074e9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AF41E1706043818BE3158F34C9A0B63BFE1FF57318F28869DE5D64B393D669980A8B55
                                                                                                                                                                                                        Function 0044D34A Relevance: 1.6, Strings: 1, Instructions: 398COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: ><+
                                                                                                                                                                                                        • API String ID: 0-2918635699
                                                                                                                                                                                                        • Opcode ID: 05968d8f88bb5c42d28edbc8914b79f4403ab408f6ade50d3cdda3f5da9f5c8a
                                                                                                                                                                                                        • Instruction ID: cf89f998991828914c7c34c000b765138dfcae4e68dd13bbc2a08af3913e04d0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 05968d8f88bb5c42d28edbc8914b79f4403ab408f6ade50d3cdda3f5da9f5c8a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D4C1E575A047418FD725CF2AC490762FBE2BF96310F18859EC4DA8B752D739E806CB54
                                                                                                                                                                                                        Function 0044B170 Relevance: 1.6, Strings: 1, Instructions: 396COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: "
                                                                                                                                                                                                        • API String ID: 0-123907689
                                                                                                                                                                                                        • Opcode ID: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
                                                                                                                                                                                                        • Instruction ID: 8c3ff95f28eed6a1dbd902ab53066be7fb33f3b0b8d8f9d39a5e11ccb9505001
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 64C1F7B2A083146BF7258E25C49076BB7E9EF84314F19892FE89587382E73CDC4587D6
                                                                                                                                                                                                        Function 004A547A Relevance: 1.6, Strings: 1, Instructions: 357COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: ++x}
                                                                                                                                                                                                        • API String ID: 0-2872942685
                                                                                                                                                                                                        • Opcode ID: 71f0c4aa3777bad62fe81c3fd4c5807d26574ceef24f4a1dd1a0d13815b51b95
                                                                                                                                                                                                        • Instruction ID: 4223f3b1440559458a0f394103dad3e3144815f92d6dc7f13cea9bc29197220c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 71f0c4aa3777bad62fe81c3fd4c5807d26574ceef24f4a1dd1a0d13815b51b95
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CAC1F1B3E042244BF3046E29DC95366B7D2EB94320F2B813D8EC8977C5E93E6D068785
                                                                                                                                                                                                        Function 004A8115 Relevance: 1.6, Strings: 1, Instructions: 351COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: *
                                                                                                                                                                                                        • API String ID: 0-163128923
                                                                                                                                                                                                        • Opcode ID: ee8be233bb9bd33c6280451a6464e40ff5217c8b20f33d36c37d557aac6f178c
                                                                                                                                                                                                        • Instruction ID: d0dd0207cf723df4106e62c2099272cdcc820b25ff6d230996ff1d463f98c6ad
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ee8be233bb9bd33c6280451a6464e40ff5217c8b20f33d36c37d557aac6f178c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 49C18BF3F2152447F3944839CD583A2658397E1324F2F82788E9CAB7CADD7E9D0A5284
                                                                                                                                                                                                        Function 0054024F Relevance: 1.6, Strings: 1, Instructions: 350COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: w
                                                                                                                                                                                                        • API String ID: 0-476252946
                                                                                                                                                                                                        • Opcode ID: 38ff161cc969fe919d5246cb5ec03bbf37c4938046492bc6c881443216b6983e
                                                                                                                                                                                                        • Instruction ID: dac0f9ee2a287b0c1cf416190bd20a24fd3dae936b3c97736add9f33a30340bb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 38ff161cc969fe919d5246cb5ec03bbf37c4938046492bc6c881443216b6983e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 43C1ABF7F205214BF3544978CC593A27692ABA4320F2F82788E4DAB7C6D97E5C0A53C4
                                                                                                                                                                                                        Function 0049E1A3 Relevance: 1.5, Strings: 1, Instructions: 289COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: &
                                                                                                                                                                                                        • API String ID: 0-1010288
                                                                                                                                                                                                        • Opcode ID: c7024adcda7e0a5152bb63326a4ce1d345ec56b2f47a2b5c6f1a1bba3a77da95
                                                                                                                                                                                                        • Instruction ID: cbca2a3eee8774d198a90688ca89cc75ebe9b072d4f0cf10ea99a1f2f0cc0150
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c7024adcda7e0a5152bb63326a4ce1d345ec56b2f47a2b5c6f1a1bba3a77da95
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 51A18BB3F5162547F3540C69CC583A2B28397E4325F2F82788E4DAB7C9ED7EAC464284
                                                                                                                                                                                                        Function 0050C4A3 Relevance: 1.5, Strings: 1, Instructions: 280COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: P
                                                                                                                                                                                                        • API String ID: 0-3110715001
                                                                                                                                                                                                        • Opcode ID: c4b06c48830ae82ed5cf8d3395aa52eefe102238c0989fc38e1f37256f9a1edd
                                                                                                                                                                                                        • Instruction ID: f11b703b19e270e21188ad5ab2889d8c150d60e221e552a8c7a878376b7e8a15
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c4b06c48830ae82ed5cf8d3395aa52eefe102238c0989fc38e1f37256f9a1edd
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AAA176B3F016214BF3544939CD983A23A93ABD5324F2F42788A5C6B7C5DDBE5C4A5388
                                                                                                                                                                                                        Function 004F2064 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: (nA(
                                                                                                                                                                                                        • API String ID: 0-3663489113
                                                                                                                                                                                                        • Opcode ID: 23b1bf4f8ad18cf90bfcf8f779c212740304683e1ff05945177c2658a9021513
                                                                                                                                                                                                        • Instruction ID: 700f15a55612944716d049844029a0507e574d1c410659011a27b2f60d9f8b4f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 23b1bf4f8ad18cf90bfcf8f779c212740304683e1ff05945177c2658a9021513
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6791ACB3F116254BF3544D38CD983627692AB94320F2F82788E9C6B7C6D97E5D0993C4
                                                                                                                                                                                                        Function 00447440 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID: _^]\
                                                                                                                                                                                                        • API String ID: 2994545307-3116432788
                                                                                                                                                                                                        • Opcode ID: 5a9555b869a72990a53056c9b4cab013873d7382371d42467bbbef5c4b27be7d
                                                                                                                                                                                                        • Instruction ID: 1c7ad3e58073355a8446be5052628a284fb69c8929be327a683de3fc28458326
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5a9555b869a72990a53056c9b4cab013873d7382371d42467bbbef5c4b27be7d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A97129B160C7005BE7149E29DC9273B76A1DF81318F19883EE5869B392E37CDC06875A
                                                                                                                                                                                                        Function 004FC1E9 Relevance: 1.5, Strings: 1, Instructions: 262COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: @ *R
                                                                                                                                                                                                        • API String ID: 0-1746091313
                                                                                                                                                                                                        • Opcode ID: 8c5b6dc08328e813c0bfb295496c97112fcf98490703c3b58bf86ec7754134c1
                                                                                                                                                                                                        • Instruction ID: 954b99537d030e2b3be330453c1723fb74c1a97275ee81ddd9d85d665d8bc2e7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8c5b6dc08328e813c0bfb295496c97112fcf98490703c3b58bf86ec7754134c1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4191CFB3F1162547F3444938CC983A23653DBD5320F2F82788B49ABBC9D97E9D4A5384
                                                                                                                                                                                                        Function 004F5137 Relevance: 1.5, Strings: 1, Instructions: 241COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: #
                                                                                                                                                                                                        • API String ID: 0-1885708031
                                                                                                                                                                                                        • Opcode ID: c264a8cdf5e62213f479c952d208a58a1fe27614fb876de46619e812f8ee2f92
                                                                                                                                                                                                        • Instruction ID: e3e6efb7f38ab2fcbf75cf1b8940a6c515e27a5be35156910bea9ed73ef8c66f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c264a8cdf5e62213f479c952d208a58a1fe27614fb876de46619e812f8ee2f92
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B7817BB3F112254BF3544D39CC983A27683ABD5320F2F42788E886B7C5D97EAD0A5784
                                                                                                                                                                                                        Function 0049D299 Relevance: 1.5, Strings: 1, Instructions: 234COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: e
                                                                                                                                                                                                        • API String ID: 0-4024072794
                                                                                                                                                                                                        • Opcode ID: 4afdf729839494bcbab27e9147c18d6eb97d42f308ac9077b4029f1e63ab1ba0
                                                                                                                                                                                                        • Instruction ID: 473f2eaa153fd80dae1478618b3ab61d82adbee32610edff6cc2d1c9c477139c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4afdf729839494bcbab27e9147c18d6eb97d42f308ac9077b4029f1e63ab1ba0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 28816CB3F2152047F3544D2ACC543627693DBD5321F3F82788E98AB7C9D97EAC4A5284
                                                                                                                                                                                                        Function 0042D021 Relevance: 1.5, Strings: 1, Instructions: 232COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: _^]\
                                                                                                                                                                                                        • API String ID: 0-3116432788
                                                                                                                                                                                                        • Opcode ID: 30ec68e40b7010daa34c2657682477838d00faeb9cc05d2650e5c9d394cfedbe
                                                                                                                                                                                                        • Instruction ID: 29d86eaf56c9b10748fa345a340f821ed5da46275ac7e409d8d1f33ee8bd1333
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 30ec68e40b7010daa34c2657682477838d00faeb9cc05d2650e5c9d394cfedbe
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2B510470B006108FC724CF28E8D0A37B7E1EB55714BA8882ED9D797762D275BC16CB5A
                                                                                                                                                                                                        Function 0044C0E6 Relevance: 1.5, Strings: 1, Instructions: 228COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: N&
                                                                                                                                                                                                        • API String ID: 0-3274356042
                                                                                                                                                                                                        • Opcode ID: 28ebb6b09cb5a6548e354b917b783add85e9bfd4aab673317b311c396703a638
                                                                                                                                                                                                        • Instruction ID: b7ca427d40508ddade1706ea5936210f9b7b628edb11692aaccb5f8a0c6e062e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 28ebb6b09cb5a6548e354b917b783add85e9bfd4aab673317b311c396703a638
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B3510821605B804BE729CB3A88513B7BBD3ABD7314B5C969EC4D7C7786DA3CE4068B14
                                                                                                                                                                                                        Function 004893BA Relevance: 1.5, Strings: 1, Instructions: 221COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: ,
                                                                                                                                                                                                        • API String ID: 0-3772416878
                                                                                                                                                                                                        • Opcode ID: 09d7c495642477cd083d302b015139da211d942c2950ff358ce2d6e627f8e4a8
                                                                                                                                                                                                        • Instruction ID: 4ae2436e9bc2b2a43ea7643e9c0bad16edefd01c24307328d3f889463fb6df85
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 09d7c495642477cd083d302b015139da211d942c2950ff358ce2d6e627f8e4a8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A77190F3F5162547F3544D68CC983A2729297A4321F2F42388E5CA77C5E97EAC4A53C4
                                                                                                                                                                                                        Function 0044C09E Relevance: 1.5, Strings: 1, Instructions: 217COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: N&
                                                                                                                                                                                                        • API String ID: 0-3274356042
                                                                                                                                                                                                        • Opcode ID: b6b6b3fda079c90aec7d3775d5b0b5c00ef940ca3ea23c86c8d1bdd2f0e4cbaa
                                                                                                                                                                                                        • Instruction ID: d29e96cdb5d291a645cab26db31e2b5800f871c1486d1232406e770ca7dc1923
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b6b6b3fda079c90aec7d3775d5b0b5c00ef940ca3ea23c86c8d1bdd2f0e4cbaa
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 96512921605B804AE729CB3A88503B37BD3BF97310F5C969DC4D7C7B86CA3CA4028B15
                                                                                                                                                                                                        Function 0054548E Relevance: 1.5, Strings: 1, Instructions: 217COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: McC
                                                                                                                                                                                                        • API String ID: 0-2165502942
                                                                                                                                                                                                        • Opcode ID: 791817f78ddba9a891e4dd671326e06206ca8e191becc6a5cde3744e359951b5
                                                                                                                                                                                                        • Instruction ID: c98429cbdb3ec5080cef34fd9cf2642ecff8789826e48b64ff244f42de2c22ac
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 791817f78ddba9a891e4dd671326e06206ca8e191becc6a5cde3744e359951b5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7C719EB3F116154BF3044D29CC483A276839BE5321F3F82788E9C9B7C5D97EAD0A5684
                                                                                                                                                                                                        Function 004E9205 Relevance: 1.5, Strings: 1, Instructions: 203COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: Y
                                                                                                                                                                                                        • API String ID: 0-3233089245
                                                                                                                                                                                                        • Opcode ID: 368c13771ba465664095fed907afff54581336bc65d0c642b61a9db7a68f9684
                                                                                                                                                                                                        • Instruction ID: 7a320491dcf3fe6b464e1910f2d5d01f5f74da0368ea630e52750215e6ba8a0c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 368c13771ba465664095fed907afff54581336bc65d0c642b61a9db7a68f9684
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3E61DFB3F102248BF3544D29CC943A27253DB96325F2F81788E4D6B7C5DA7EAC4A9384
                                                                                                                                                                                                        Function 0042F3C0 Relevance: 1.4, Strings: 1, Instructions: 192COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: ,
                                                                                                                                                                                                        • API String ID: 0-3772416878
                                                                                                                                                                                                        • Opcode ID: 1f5fab97a3a79c619dadf51d917f47a6757be72aa1d5f864cb882867fcc2a13f
                                                                                                                                                                                                        • Instruction ID: 7da4939e2df7ee57c7832c7788a7fe3e582b868a268e7f0eb8ae30b29aa06271
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1f5fab97a3a79c619dadf51d917f47a6757be72aa1d5f864cb882867fcc2a13f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E8612A3260C7A08BC7109A38995139FBBD0AB9A324F694B3ED9E5D73D2E2788505C747
                                                                                                                                                                                                        Function 0050C1FC Relevance: 1.4, Strings: 1, Instructions: 177COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: \
                                                                                                                                                                                                        • API String ID: 0-2967466578
                                                                                                                                                                                                        • Opcode ID: 9620bd3684fd2ba0244eb36f4c4b3c69ef6c7f05bfd9dda7b9119e02e91e5c3b
                                                                                                                                                                                                        • Instruction ID: 8521fde91753863f47dd4197f85001cefa6b0470c5026d00267bd6d6394e7685
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9620bd3684fd2ba0244eb36f4c4b3c69ef6c7f05bfd9dda7b9119e02e91e5c3b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D45190B3F106254BF3148D39CD9836276939BD5711F2F83788A5C9B7C9E97EAC095280
                                                                                                                                                                                                        Function 00461160 Relevance: 1.4, Strings: 1, Instructions: 167COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                        • API String ID: 0-2766056989
                                                                                                                                                                                                        • Opcode ID: 96079edd3513c1ec44c74bc0f20642464d7d9a79ba4543c7306b78549536e032
                                                                                                                                                                                                        • Instruction ID: 4d0f7628c9cbcc8fd8efef068f9b23cf6144e6c061158b1e3f9d530f55f8bcc1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 96079edd3513c1ec44c74bc0f20642464d7d9a79ba4543c7306b78549536e032
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CC4112B1A043109BD7188F24CC56B7BBBA1FFD5354F088A2DE5855B3A0E3799944CB8B
                                                                                                                                                                                                        Function 0044C465 Relevance: 1.4, Strings: 1, Instructions: 152COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: AB@|
                                                                                                                                                                                                        • API String ID: 0-3627600888
                                                                                                                                                                                                        • Opcode ID: 1496242bf303926ab085a44bb9a20b5a1089528aa15ac7d937396a9661f77954
                                                                                                                                                                                                        • Instruction ID: d227638f02fd768f51c8682b17b98d6c9bbbb60fe48b062d4bca17e917bf4a04
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1496242bf303926ab085a44bb9a20b5a1089528aa15ac7d937396a9661f77954
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 434133B15046928FE7228F39C860763BBE2BF97310B189699C0D2DB392D738E845CB55
                                                                                                                                                                                                        Function 00460340 Relevance: 1.4, Strings: 1, Instructions: 103COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                        • API String ID: 2994545307-2766056989
                                                                                                                                                                                                        • Opcode ID: 6c85abf4315371a72929fe0f0a0f1be49ce878ea52454260cd7fa33556971d18
                                                                                                                                                                                                        • Instruction ID: 3db819db8e8990d216124aa474be13e9b24a27e0dd056c8f2679d627ef8ba6ac
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6c85abf4315371a72929fe0f0a0f1be49ce878ea52454260cd7fa33556971d18
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C731F1715083048BC324DF58D8D166FB7E4EB85314F14892DEA9983390E739D848CB5B
                                                                                                                                                                                                        Function 004FC4B2 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: @ *R
                                                                                                                                                                                                        • API String ID: 0-1746091313
                                                                                                                                                                                                        • Opcode ID: 29e21451fbb270b5703540df3b65bdaf1ab5b63556e1797b6ddc0a5517daa265
                                                                                                                                                                                                        • Instruction ID: 81e0ad20797e19eb3de26aba5dcfcdc161e6b8e8b03f6f0a2480da2fe9bbca14
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 29e21451fbb270b5703540df3b65bdaf1ab5b63556e1797b6ddc0a5517daa265
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C4319FF3E119214BF3644878CC993A265439B91324F2F82B8CE19ABBD9D97E4D095384
                                                                                                                                                                                                        Function 0044E180 Relevance: .7, Instructions: 710COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 70ac1159c04ab26f4e8334615451fd454ab4a521128620c67f13be7be5a10462
                                                                                                                                                                                                        • Instruction ID: 60295103e76075479b32fbf48f1ddfcf13a9627a0960ebdf2dc6a4788b7840f7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 70ac1159c04ab26f4e8334615451fd454ab4a521128620c67f13be7be5a10462
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4D62B5F1511B019FC3A0CF29C881793BBE9AB89354F14892ED5AED7311EBB465018F9A
                                                                                                                                                                                                        Function 00485307 Relevance: .6, Instructions: 641COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: d48cbc891f349221c9983441122729409ea1bbeeefed9589ed813faeafeca30c
                                                                                                                                                                                                        • Instruction ID: 3dc9349fa77d8e6f501107d45d79fc1e4b288800ad27fb3eac14f4bfda0b59f0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d48cbc891f349221c9983441122729409ea1bbeeefed9589ed813faeafeca30c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2A224CE3E61A3407F7A44479DD883A6558397A5321F1F82758E5C7BBCAD8BE0C4A03C8
                                                                                                                                                                                                        Function 004273D0 Relevance: .6, Instructions: 625COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
                                                                                                                                                                                                        • Instruction ID: f84a2a4992532021a8714bfe0e3f7781be2b609bce94642d99f8750b2f77cf53
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A822C331B0C7218BD725DF18E8806ABB3E1FFC4319F59892ED9C697385D738A8518B46
                                                                                                                                                                                                        Function 00501437 Relevance: .6, Instructions: 570COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 4bfdbb96573071ae9e30772ab223aca747b5599988ceb865e0cb35db0785e61e
                                                                                                                                                                                                        • Instruction ID: e4302eb0c3e14e47b81a428648efafbc508aa553c59ecb1fe969c92acbf17a86
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4bfdbb96573071ae9e30772ab223aca747b5599988ceb865e0cb35db0785e61e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 71124BA3F1095407FB580839CDA93BA198397E5324F2F423D8B5A5B7C6DCBE494A4389
                                                                                                                                                                                                        Function 0053B1EE Relevance: .6, Instructions: 557COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 14914c1f70d44b6d5484e20dd24f9cf7d3649d4dd859b122c2b95ca2c1367a70
                                                                                                                                                                                                        • Instruction ID: df51fa465e553772d2717398bea3eca7b4f73a53973b05b51420e72036ca6977
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 14914c1f70d44b6d5484e20dd24f9cf7d3649d4dd859b122c2b95ca2c1367a70
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9302DFB3F105204BF3584928DC593A67697EBE4320F2F823C9F99A77C5E97E9C094285
                                                                                                                                                                                                        Function 00516420 Relevance: .5, Instructions: 509COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: c1654c328f3bc9aeac2be6caed0235940ae7f369814afce0518759bdb46125dd
                                                                                                                                                                                                        • Instruction ID: d36afe543acf0e0f3e5c67c8ac978001e3bd46a9aca7f8b077502d06f4b25c02
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c1654c328f3bc9aeac2be6caed0235940ae7f369814afce0518759bdb46125dd
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 59F1EEF3F146204BF3145929DC893A6B692DB94324F2F463C9F88A77C5E97E9C0582C5
                                                                                                                                                                                                        Function 0048540F Relevance: .5, Instructions: 483COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 36efc10cb2e1c36d3cea53484717d12fe9e51ee930a9488943f6b5d2c947f462
                                                                                                                                                                                                        • Instruction ID: 90cba2c566039d4bd8a2509e4bf927a070045d4505eeac9a19618b5cb626dfae
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 36efc10cb2e1c36d3cea53484717d12fe9e51ee930a9488943f6b5d2c947f462
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C8F138E3E51A7446F7A44469DD8839A588393A5321F1FC2758E5C7BBCAD8BE0C4A03C8
                                                                                                                                                                                                        Function 004CD3D4 Relevance: .5, Instructions: 481COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 97d28b5ba94f0b29774f5431349a44b817b2b4fc872584f967010fc9fbf51f2a
                                                                                                                                                                                                        • Instruction ID: 986e3a7ea9011440647250d3f7dac0957f7a2f9946dbcecf94939c4b9d4ec337
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 97d28b5ba94f0b29774f5431349a44b817b2b4fc872584f967010fc9fbf51f2a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 03F100B3F102204BF3484D29DC983667693EB95320F2F863C8E899B7C5E97E5C0A5385
                                                                                                                                                                                                        Function 005432BC Relevance: .4, Instructions: 431COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 72778eccc8e584e3145e61f59068d5909a73dfe4aa7e92a0f20ffecf6a77ff5c
                                                                                                                                                                                                        • Instruction ID: 74d8b89a1f07ce0dbfd53b3cb88585f21d282fd872bd847ed39ff06c9056f45d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 72778eccc8e584e3145e61f59068d5909a73dfe4aa7e92a0f20ffecf6a77ff5c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: ECE1D2F3F052208BF3545E29DC94362B692EBD4320F2B413DDA889B7C5EA7E5C468785
                                                                                                                                                                                                        Function 0052E088 Relevance: .4, Instructions: 416COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 7be9360b71eaeb321c1cf6dfb7f4b07c7146ee69da662c18ee41519111c67dd7
                                                                                                                                                                                                        • Instruction ID: 52985ff032a55255d2ea502cf5ae27a1ccaf034bd65cf2b047c651b7ff0485c6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7be9360b71eaeb321c1cf6dfb7f4b07c7146ee69da662c18ee41519111c67dd7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 31D1F1F3E146254BF3104E79DC88366B692EB94320F2F463C9E88AB7C5EA7E5D054385
                                                                                                                                                                                                        Function 004FF319 Relevance: .4, Instructions: 414COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 6ebc2d3d82b39fe68d70ac73e4ca5fc82463bfed9e123bc20ae1297f35e189c7
                                                                                                                                                                                                        • Instruction ID: 5306ffe5d58069c80e72fb8b733f24976a42c17851016b9119eb91fe52b00b5e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6ebc2d3d82b39fe68d70ac73e4ca5fc82463bfed9e123bc20ae1297f35e189c7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FEE1E0B3E156108BF3149E29DC84366B6D2EBD4320F2B863CDAD8977C5DA3E1C458786
                                                                                                                                                                                                        Function 0053C319 Relevance: .4, Instructions: 369COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 643d32859454fe003e7290762f748762c5d598337fdee6934410c40757a0ffbf
                                                                                                                                                                                                        • Instruction ID: a6cb13db8cf17567f57b9af31bdcd1b035f4483014c1b2dc705d90663a0237e6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 643d32859454fe003e7290762f748762c5d598337fdee6934410c40757a0ffbf
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C9C1CFB3F112254BF3184929CCA43A27693DBD5321F2F42788F596B7C9D9BE6C0A5384
                                                                                                                                                                                                        Function 0049B31F Relevance: .4, Instructions: 368COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 27ca3ac41cd11581196c97b2c96d8ef8f381ea92d9c59a7fce784efb47c7781a
                                                                                                                                                                                                        • Instruction ID: 2fa00ce9b77bfbb8d586a22e6e2bdcb249dada659d636f8db45a3355b2253ec0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 27ca3ac41cd11581196c97b2c96d8ef8f381ea92d9c59a7fce784efb47c7781a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 82D18DF3F116254BF3540D28CC983A27652EBA5321F2F42788F5C6B7C6D97EAC4A5284
                                                                                                                                                                                                        Function 004B937C Relevance: .4, Instructions: 358COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 0638c8321e2344c1659d544c2073d42b8c01f96e4a0a028f85d9c90eff4212a6
                                                                                                                                                                                                        • Instruction ID: 262441d2d6984d105368a0156e4dd8e31e9131bb38406e76443826f82db06cd8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0638c8321e2344c1659d544c2073d42b8c01f96e4a0a028f85d9c90eff4212a6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 94C167B7F11A2047F3580878DC683A265839BD5324F2F82788E6DAB7C6D87E5D0A43C4
                                                                                                                                                                                                        Function 004D31C7 Relevance: .4, Instructions: 357COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 38851a06a0693adfd3fa05ec811096aa73236cdd500e3ce40b51eead61a39f26
                                                                                                                                                                                                        • Instruction ID: 0e9fe72d2d6e147cf6612a64bd2193219f43c094f17aceda7f54c0d473bdae2a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 38851a06a0693adfd3fa05ec811096aa73236cdd500e3ce40b51eead61a39f26
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 68C18AB3F216254BF3444938CD583A276539BD5324F2F82388E5CAB7C6D97E9D0A5284
                                                                                                                                                                                                        Function 004E8575 Relevance: .4, Instructions: 352COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 942dac6bd71d8a0bda8bd1b84aec4739c57d41f0e63aa9f147a686e427b6e38e
                                                                                                                                                                                                        • Instruction ID: 1daa35bb30d387f0786df046a945d37d8b857dadfbe810b3600995d270a0a0ef
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 942dac6bd71d8a0bda8bd1b84aec4739c57d41f0e63aa9f147a686e427b6e38e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 02C18DF7F116254BF3544929CC883A266839BE0324F3F42788B9C6B7C6D97E9C0A4284
                                                                                                                                                                                                        Function 004AC0DE Relevance: .4, Instructions: 350COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 948e0a630132878673b1636825c81d6c7bc5227b060deed71869ded4bdf4b439
                                                                                                                                                                                                        • Instruction ID: 5fa3a707c6ca91c6ec06e16c0138288a193b0484ff596e79b3d157952a5ec89d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 948e0a630132878673b1636825c81d6c7bc5227b060deed71869ded4bdf4b439
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 14C1B1B3F146148BF3445E28DC44366B6D2EBD4320F2B423CDA89977C5EA3EAD498785
                                                                                                                                                                                                        Function 0048D25F Relevance: .3, Instructions: 343COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 319f97e720ad2a79906f55ce39669b6e48e5fbb05c570bda2a8b054bce4cfdd4
                                                                                                                                                                                                        • Instruction ID: 64f2c8418d2212180b46f343387466ac08ccc30735adb94a77fc6d1e1d45b465
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 319f97e720ad2a79906f55ce39669b6e48e5fbb05c570bda2a8b054bce4cfdd4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 00C19EB3F1122547F3044938CCA83626683DBE5325F2F82788B599B7CADD7E5C0A5384
                                                                                                                                                                                                        Function 004F32EB Relevance: .3, Instructions: 341COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 57b8a3954d2ba34f4b81d6cf3a9a9afbd5998f74170bb928fa4764b7f33be5cd
                                                                                                                                                                                                        • Instruction ID: 09f62886eb18b969e0fe9de6e66102902a7aa11353aa4e670a5da409cf456c8e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 57b8a3954d2ba34f4b81d6cf3a9a9afbd5998f74170bb928fa4764b7f33be5cd
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E8C179B3F116254BF3544939CC9836276939BD5324F2F82788E486B7CAD97E5C0A53C4
                                                                                                                                                                                                        Function 0048A3E4 Relevance: .3, Instructions: 338COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: f7dd323ec68d9715add992bb71b496ad58707ab7ad67a82099db8e204d41520c
                                                                                                                                                                                                        • Instruction ID: f447dd798e1b4031e56a68aa2841338aa35dbc221ce3416a7a68ba3faaee1a2b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f7dd323ec68d9715add992bb71b496ad58707ab7ad67a82099db8e204d41520c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 87C1BBB3F2062547F3584939CC983627693EBE4321F2F42388E996B7C6D97E5D0A5384
                                                                                                                                                                                                        Function 004E31F7 Relevance: .3, Instructions: 337COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 0334f0730f659fc1b3e32bf38eb2b3fea577b06534373780a5a8663351b6d837
                                                                                                                                                                                                        • Instruction ID: efdb9a1a009ccd667860474d461c3201240cd319ea85cac860e28e4fee7dd536
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0334f0730f659fc1b3e32bf38eb2b3fea577b06534373780a5a8663351b6d837
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5FB16AF3F1162547F3584839CDA8362668397E4311F2F823D8B4A6B7C6DD7E9C4A5284
                                                                                                                                                                                                        Function 0043E220 Relevance: .3, Instructions: 337COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 36f9e1a3a585a604e527f7451402ae24f2570d3debebecd0bda2851542510120
                                                                                                                                                                                                        • Instruction ID: af4253c15d168e7ac0e88395135f54adda258903f8ee42e545748e2f6005855c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 36f9e1a3a585a604e527f7451402ae24f2570d3debebecd0bda2851542510120
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 82B10771504301ABD7109F25CC42B1ABBE2BBD8319F144A3EF894A33E1E77699198B47
                                                                                                                                                                                                        Function 004D1275 Relevance: .3, Instructions: 332COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 9bdd22649a41483d62503c468b174c5b8e09955b40b4cd5c8f6d7f62965e2bac
                                                                                                                                                                                                        • Instruction ID: 380df1519242b92338cf8837e4380571f4df903e92a31aecb2377458fdec1ca1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9bdd22649a41483d62503c468b174c5b8e09955b40b4cd5c8f6d7f62965e2bac
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D8C1A9B3F216214BF3544939CD583A236839BE1321F2F42788F4CAB7CAD97D9D0A5284
                                                                                                                                                                                                        Function 004DB48B Relevance: .3, Instructions: 326COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 7f9e68c1d22c939008cd4a5bc7e75e87d88c3c4485ca671e821138d87cf62c8a
                                                                                                                                                                                                        • Instruction ID: c51af81e2ddaf6f51e41a69dfdb5ffa6b7d88a7d6d6029453a3504a0f1ee130d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7f9e68c1d22c939008cd4a5bc7e75e87d88c3c4485ca671e821138d87cf62c8a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D8B1AFB7F006254BF3544E69CC943A27693EB95310F2F82788E486B7C6EA7E5C4653C4
                                                                                                                                                                                                        Function 0051814A Relevance: .3, Instructions: 325COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: fa25517bde122d0a150c9aaa6ed5451a86139523a71b9d4539cd68fdf253ef11
                                                                                                                                                                                                        • Instruction ID: 053b0e300f4a49585f8cb98adedbe46ef5e626f2f79f279ae8d4e12c04e4739a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: fa25517bde122d0a150c9aaa6ed5451a86139523a71b9d4539cd68fdf253ef11
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2DB1ABB3F10A2147F3584928CC983A27683DB95325F2F82788F5DAB7C5D97E9C4A5384
                                                                                                                                                                                                        Function 004F249D Relevance: .3, Instructions: 325COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: bf8d08d04269415f3905eea1ca32b8bf58270fea800bbb87d5579af3e4dc739a
                                                                                                                                                                                                        • Instruction ID: 59e20e34b4c0ed8e818731bae3addb75822bf42fa05b66bea5772f9e6b56e07f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bf8d08d04269415f3905eea1ca32b8bf58270fea800bbb87d5579af3e4dc739a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B2B17BA3F1162547F3584C79CD5836266839BE0321F2F82788F5D6BBCAED7E5C0A4284
                                                                                                                                                                                                        Function 004AF4E7 Relevance: .3, Instructions: 324COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 1566eee5976759be243de436d9e763fa87246d7eb0ba3f2a63aa9b505e4957fe
                                                                                                                                                                                                        • Instruction ID: 47395ee8d81f937a17b41391eca04189873eeb6b134abdbb232b988c969b6090
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1566eee5976759be243de436d9e763fa87246d7eb0ba3f2a63aa9b505e4957fe
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 15B19EB3F1162447F3544969CC983A362839BD5320F2F82788E6CAB7C6D97E5C4A53C4
                                                                                                                                                                                                        Function 0048655E Relevance: .3, Instructions: 324COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 027e5975150a30995a72a6fae0cd311a3eb261ac8cc7a8de41803f84117e461d
                                                                                                                                                                                                        • Instruction ID: ff4522222371b56826a817cea3c3b5f40095fd35a828a81a9e6a7a8b8290eaea
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 027e5975150a30995a72a6fae0cd311a3eb261ac8cc7a8de41803f84117e461d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C1B19BB3F516214BF3544928DCA83A27243DBD4325F2F82788E986BBC9DD7E9C465384
                                                                                                                                                                                                        Function 005230E2 Relevance: .3, Instructions: 322COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 6b5a3373b456541f1e996b89083363f830e2c62087b79be9d768a3abca3af26e
                                                                                                                                                                                                        • Instruction ID: 9d9d8291942446f10b3f5c754cf44f6cc3020bf28df3395bc304a4a5c24a4431
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6b5a3373b456541f1e996b89083363f830e2c62087b79be9d768a3abca3af26e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A6B17AF7F1062547F3540878DD983A2658397A4324F2F82388E5CAB7C6D9BE5D0A43C4
                                                                                                                                                                                                        Function 0051A0A8 Relevance: .3, Instructions: 320COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 06064f3f5d74f3ebf4c624c9a3ff787481f1ce0046588472f7cbb1bfe761066b
                                                                                                                                                                                                        • Instruction ID: 96b7373c71c595cdcf5a52d9f6f4449ab78724b97aca368081a278d27f761008
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 06064f3f5d74f3ebf4c624c9a3ff787481f1ce0046588472f7cbb1bfe761066b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 98B1B4B3F1122547F3544D38CD983A27693DBD5311F2F42788E48AB7C9EA7E6C4A5284
                                                                                                                                                                                                        Function 004B1181 Relevance: .3, Instructions: 318COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: ec07ef446f5b04e36298c01d9277a0694b5e2d0dcbb21d19018e99d99b7c1b68
                                                                                                                                                                                                        • Instruction ID: 3fa2cdf045e432fcf37dec7362b453d739cdf6eeb3ae32d0696b8b10ee1d59ea
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ec07ef446f5b04e36298c01d9277a0694b5e2d0dcbb21d19018e99d99b7c1b68
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4AB19AB7F5062647F3644968CD983A276439BD1320F2F82388F8C6B7C6D9BE9C465384
                                                                                                                                                                                                        Function 004D6273 Relevance: .3, Instructions: 315COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 4473ab2f6fb07c27733299a6852a54086a228d1d6ce936028735ff92a830f956
                                                                                                                                                                                                        • Instruction ID: 029e6391051fe5db3484a13e26167969c96c8855d8fd1280fecfc09431db0b59
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4473ab2f6fb07c27733299a6852a54086a228d1d6ce936028735ff92a830f956
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B0B18BF3F5162547F3444928DC983A26683DBD5311F2F82788F48AB7CAD97E9D0A5388
                                                                                                                                                                                                        Function 0050B45B Relevance: .3, Instructions: 309COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 6be7e998fdde1fc5d2171e0d42101c4c2fd87d63be5179d718f9d2a34e781cd4
                                                                                                                                                                                                        • Instruction ID: 0d60cd689843a972b401db97fe53d1f90a0b773101bad0e8347697394944d24e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6be7e998fdde1fc5d2171e0d42101c4c2fd87d63be5179d718f9d2a34e781cd4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DCB18AB3F216254BF3584839CC983A22583DBD4325F2F42788F59AB7C5DD7E9C0A5284
                                                                                                                                                                                                        Function 004C9221 Relevance: .3, Instructions: 307COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: b92905d8ddb6cbde4bcf64256cc9902abfcdfc5437f2e2f0ceadaf01bbf9efb5
                                                                                                                                                                                                        • Instruction ID: 699cc436603cb2497bffd04e2c8d480f5dce9336a8c08e08f129f09aeb04f527
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b92905d8ddb6cbde4bcf64256cc9902abfcdfc5437f2e2f0ceadaf01bbf9efb5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1AB1C3B3F106254BF344493DCD583A27A93DBD5314F2F82788E58ABBC9D97E9D0A4284
                                                                                                                                                                                                        Function 004A43DC Relevance: .3, Instructions: 305COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 0b5dfd7c28df0912e8b62eea759ba0141257a38e5e8c40d3b0499c07499d6674
                                                                                                                                                                                                        • Instruction ID: c857904ed80b6fd072a1518f99f96d3bae565fa8af95b7c2dc095a78d5b92254
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0b5dfd7c28df0912e8b62eea759ba0141257a38e5e8c40d3b0499c07499d6674
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 46A19EB7F1062547F3544C79CC983A26682EBA1324F2F42788F5DAB7C6D9BE5C4A42C4
                                                                                                                                                                                                        Function 00426160 Relevance: .3, Instructions: 303COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
                                                                                                                                                                                                        • Instruction ID: b7a8982ef7cc1abc951029d9f7a9f14dfbc2f879086fe051ea61bed9f221b181
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A9C16BB2A087518FC360CF28DC86BABB7E1BF85318F49492DD1D9C6342E778A155CB06
                                                                                                                                                                                                        Function 004DC1D3 Relevance: .3, Instructions: 303COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 438c9ae42fd92b4286322d6409fd5907f7a9d10192ba34b1658adb770886ce51
                                                                                                                                                                                                        • Instruction ID: 9faa897629295ebd38745130b33ed5ff8cd6f744bc434afe2ea603e4d21227f4
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 438c9ae42fd92b4286322d6409fd5907f7a9d10192ba34b1658adb770886ce51
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 34A18CF3F116244BF3448929CC583A27283DBD4311F2F81788E49AB7C6E97EAD465384
                                                                                                                                                                                                        Function 004CB114 Relevance: .3, Instructions: 299COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: d588a5f93b57057cd60ba79aa0b38317a27bdbb52458a9fb60384ef6a2a201f3
                                                                                                                                                                                                        • Instruction ID: aa1017b5f9b663c72ff3d723c5fe93779605a06e2ac28ff061f7a0e39024d775
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d588a5f93b57057cd60ba79aa0b38317a27bdbb52458a9fb60384ef6a2a201f3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 11A1ACB3F1063547F3544D68CC983A2A283DB95324F2F82788E5DAB7C6E97E5C4952C4
                                                                                                                                                                                                        Function 004B80C6 Relevance: .3, Instructions: 298COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 5037b6d6e3b32a4bb4e306b2713761294590b412fa4d18c5a887dedf0ad951c1
                                                                                                                                                                                                        • Instruction ID: 0857c318e774624bfb7b7c08db112611b2b805788c0c391a1250bd08c8603eb4
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5037b6d6e3b32a4bb4e306b2713761294590b412fa4d18c5a887dedf0ad951c1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 80A18CB3E1113547F3544929CC583A2B6939BD4320F2F82788E4DAB7C5EA7E6D4A53C4
                                                                                                                                                                                                        Function 0050D0E8 Relevance: .3, Instructions: 298COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: e4f4742c42e6b9eec70b0210ccc170c4ab9f8a7c9c677ab8940a342f19e7614b
                                                                                                                                                                                                        • Instruction ID: 0cb13c4799d403d1b6f731b67fa397bcbd7e1ff708a921807e903f29cd52b218
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e4f4742c42e6b9eec70b0210ccc170c4ab9f8a7c9c677ab8940a342f19e7614b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CBA1BDB3F106204BF3584D78CCA83A27693EB95314F2F427C8E596B7C5D9BE1D4A9284
                                                                                                                                                                                                        Function 004EF062 Relevance: .3, Instructions: 297COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 96b376cf0840da40d13175e69663cb3322b80d4bead0dd423220fc12532993fa
                                                                                                                                                                                                        • Instruction ID: fcc1b33e9f308728aea941bc835814c4e8d3da54a25e86664d57b1a216445c75
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 96b376cf0840da40d13175e69663cb3322b80d4bead0dd423220fc12532993fa
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 05A1BCF3F106254BF3144869CCA83A272939B94325F2F42788E8C6B7C6E97E5C4A53C4
                                                                                                                                                                                                        Function 0052D20A Relevance: .3, Instructions: 297COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 1f38862c5d238053c0d32f1c60916f5ff7dfee5d150f81d2c7af2f80d35e1fc3
                                                                                                                                                                                                        • Instruction ID: fdbfa059a37e927908d7f6f633ba9e3032dab3acbca86f17e988f13a8652296e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1f38862c5d238053c0d32f1c60916f5ff7dfee5d150f81d2c7af2f80d35e1fc3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 86A19DB7F1062547F3940D39CC583A26683AB95324F2F82788E8C6BBC9D97E5D4A53C4
                                                                                                                                                                                                        Function 004E2393 Relevance: .3, Instructions: 296COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: e46a12a5b221cb50abf04c8352ae55c42d469b47e0eaf67a7c50a82c8104b92c
                                                                                                                                                                                                        • Instruction ID: 360916a13c49fe2865bf1182c6cd432e1f4d280bb0c107d712abf9b75f943834
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e46a12a5b221cb50abf04c8352ae55c42d469b47e0eaf67a7c50a82c8104b92c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: ABA1ADF3F1162547F3504878CC983A266839790325F2F82388F5C6B7C6E97E5C4A52C4
                                                                                                                                                                                                        Function 004FB3AC Relevance: .3, Instructions: 295COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 73a00b36039226105c585ab9e3bea4be989d46b518644b2cf2e9a33b738aab01
                                                                                                                                                                                                        • Instruction ID: 5c58d971428a386ff1bf4d7c4fcd24d5aa4257f284c07eea124b02ed03c36439
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 73a00b36039226105c585ab9e3bea4be989d46b518644b2cf2e9a33b738aab01
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 01A158B3F206254BF3584C38DD9836265839BE5320F2F82798F99AB7C5DD7E5D0A4284
                                                                                                                                                                                                        Function 004B8542 Relevance: .3, Instructions: 295COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: a8185692526cc027ea76b2bc40bf846081ee992d33ffa5c3ecc7e513166a4c79
                                                                                                                                                                                                        • Instruction ID: 023c9a0b31fb91910f63310fac55d52aa1c77f6030813638fe905127db4c75d1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a8185692526cc027ea76b2bc40bf846081ee992d33ffa5c3ecc7e513166a4c79
                                                                                                                                                                                                        • Instruction Fuzzy Hash: EEA17AB3F506254BF3544D78CC983A26683DBD5321F2F82788E58AB7C5D9BE5C065384
                                                                                                                                                                                                        Function 004C3373 Relevance: .3, Instructions: 294COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 761e8ac7c310929645d267161e0c3fe2ebdd5b265778efa62edffc480c012d7d
                                                                                                                                                                                                        • Instruction ID: 72e3b3ef9575530e48b80772fb83551aee6cb149f9d906a255bd8312f145dd29
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 761e8ac7c310929645d267161e0c3fe2ebdd5b265778efa62edffc480c012d7d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 47A17BF3F1162547F7480929DCA83A26683EBA0314F2F413C8F4A6B7CAD97E5D4A5384
                                                                                                                                                                                                        Function 005043DA Relevance: .3, Instructions: 293COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: b2cea8eb403fbef64793999a4c248185347cd4bf15c9f5012de10bdbb5eaeafc
                                                                                                                                                                                                        • Instruction ID: ecc912f0bd7fbd1571489fcc1bb81da2dce0ab38c62b12e3c1b064b41338cf9e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b2cea8eb403fbef64793999a4c248185347cd4bf15c9f5012de10bdbb5eaeafc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: EFA1AFB7F1162147F3544D39CC983627683EBA5321F2F82388A599B7C6ED7E9C0A4380
                                                                                                                                                                                                        Function 0053A1AE Relevance: .3, Instructions: 292COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 34d06f9609c90e7a5c4874c8cfca4e7d5f2bcad7dd3f85a1ab0f701fa877e497
                                                                                                                                                                                                        • Instruction ID: 5a41b4e71eb2786af8de2eee90300f98404033aa3ae027da61a3f45f8ce91b82
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 34d06f9609c90e7a5c4874c8cfca4e7d5f2bcad7dd3f85a1ab0f701fa877e497
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 83A16AB3F1062447F3584879CD983666583D7D4324F2F823C8F99ABBC9D8BE5D0A1288
                                                                                                                                                                                                        Function 004C0228 Relevance: .3, Instructions: 288COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: f138954e945f68e36be5264cab8e6bf7c1d1fc650054d8ee6600d9235d77ffb1
                                                                                                                                                                                                        • Instruction ID: 331228748ee6040f00f2a2a9b40afc5164db1f6828ae4b541e0df266246bdb66
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f138954e945f68e36be5264cab8e6bf7c1d1fc650054d8ee6600d9235d77ffb1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2CA17CB3F125244BF3444D39CC583A236839BE5325F2F81788A4CAB7C5E97EAC4A5384
                                                                                                                                                                                                        Function 00534572 Relevance: .3, Instructions: 286COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 8281057cad91230a7266460f38e8c526dea97f802d5ca74c1a9cf8aac2f15e19
                                                                                                                                                                                                        • Instruction ID: 009be84d72d01492414d9c68253473f60a3679c39a4ef60458c7e86ae0fe15cc
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8281057cad91230a7266460f38e8c526dea97f802d5ca74c1a9cf8aac2f15e19
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DAA19FB3F1022647F3584D28CD993A27693DB90311F2F82388F49ABBC5D97EAD495784
                                                                                                                                                                                                        Function 004D0265 Relevance: .3, Instructions: 284COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 8aacb7cfa842ee6ebd204ffe37ccb4dd93d106d4607015bb3170fae396201ca8
                                                                                                                                                                                                        • Instruction ID: cde101fc642b9e647f0410b8129ec678a6d50ec8b7e18ec8ed415abe52b0cc0e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8aacb7cfa842ee6ebd204ffe37ccb4dd93d106d4607015bb3170fae396201ca8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F2A1A1B3F115254BF3404829CC983A26683D7D5321F2F82788E6CAB7C6D97EAD4A5384
                                                                                                                                                                                                        Function 00537136 Relevance: .3, Instructions: 283COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 394af2a01a7130bb98f9452f16523860a71199fc1199252e8a93faa40b7df205
                                                                                                                                                                                                        • Instruction ID: aca9de35f90ee12cab856ffcb10d134f404212f88a5ef04092e33b227a9f0a81
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 394af2a01a7130bb98f9452f16523860a71199fc1199252e8a93faa40b7df205
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C6A1A9B7F116254BF3540D29CC883627693EBE4325F2F81788A8C6B7C6EA3E5C465384
                                                                                                                                                                                                        Function 004C2210 Relevance: .3, Instructions: 283COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 479f9b64cfff676174200900caa6d8f687ce77976c4ab8defdf91511db4d42c5
                                                                                                                                                                                                        • Instruction ID: 1d8be1ec52eac9ef1200eba979d4f3aac516067f0f1f9d3c0de20e65d73d2393
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 479f9b64cfff676174200900caa6d8f687ce77976c4ab8defdf91511db4d42c5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 24A16BB3F1022547F3944D29CC983A27293DB95311F2F81788F486B7C6D97EAD4A6384
                                                                                                                                                                                                        Function 00487378 Relevance: .3, Instructions: 283COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: f3aa29c1e73ec715a735ccc55abdbb66e507aa5c4cb40dd791ed28f19c359a84
                                                                                                                                                                                                        • Instruction ID: 97079ddb1fab95107299a267963b4e73d5d3c7d1c376e74baf63306c0ff4718f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f3aa29c1e73ec715a735ccc55abdbb66e507aa5c4cb40dd791ed28f19c359a84
                                                                                                                                                                                                        • Instruction Fuzzy Hash: ADA15AB7F116214BF3584838CCA83626583D7D5320F2F82788E596BBCADD7E5D4A5384
                                                                                                                                                                                                        Function 00490006 Relevance: .3, Instructions: 282COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: f94954231ed9002c28b55eac140a911682760917b96752d1cf3447a0b7aef75d
                                                                                                                                                                                                        • Instruction ID: d177087d9620c74fc6642de6169e9f425fe8dc9dafabf31dd043d992b6f404ad
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f94954231ed9002c28b55eac140a911682760917b96752d1cf3447a0b7aef75d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A0A188F3F1162447F3984879CC583A2658397E5314F2F82788E5DAB7CADD7E9C0A5284
                                                                                                                                                                                                        Function 0052826C Relevance: .3, Instructions: 282COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 5a27b209d1bc8eff89c508391dff3f71179d56ef32ffb1d5e25a786715641dea
                                                                                                                                                                                                        • Instruction ID: ca12211a64885bb6d2e6fd832aa2e5b09c6cf3adb9c00141d48a95e131cbeb60
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5a27b209d1bc8eff89c508391dff3f71179d56ef32ffb1d5e25a786715641dea
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BBA16BB3F5162147F3584929CD983A27683ABD1324F3F82388A5D5B7C5EDBEAC464384
                                                                                                                                                                                                        Function 004E43FF Relevance: .3, Instructions: 282COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: d20bb1bef2cf08e6a0714aac8f39c2786fdbf4930dea851a54c17c8ab70282bb
                                                                                                                                                                                                        • Instruction ID: cde814f349db4a31922c19584ee02b486e7572ec274a03ce5fc788deadce7881
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d20bb1bef2cf08e6a0714aac8f39c2786fdbf4930dea851a54c17c8ab70282bb
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 20A1AFB3F2162547F3544839CC983A27283D7D5321F2F82788E58AB7C9D97E9D4A5384
                                                                                                                                                                                                        Function 0053829B Relevance: .3, Instructions: 281COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 23eb3a9e1f133e100a232a5361be7abb2896116871d206276d176e0fa9399bb8
                                                                                                                                                                                                        • Instruction ID: fe49c2b445b5d89a7a29f8b31959ac6f228461f22eaa51468625f78502d8fb7a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 23eb3a9e1f133e100a232a5361be7abb2896116871d206276d176e0fa9399bb8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 81A190B3F1162547F7584938CD983A23583DBD4314F2F82388E99AB7C9D97E6D0A5384
                                                                                                                                                                                                        Function 004F0468 Relevance: .3, Instructions: 281COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 53e1f67abcdd1fe68855fcc36ae46a5b7d565b28604e58d1864b6659c89ad45b
                                                                                                                                                                                                        • Instruction ID: 998d7175e81824ad92df529ac47bc14c056e65ee03543b66ba4aaa4d76f6dd6e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 53e1f67abcdd1fe68855fcc36ae46a5b7d565b28604e58d1864b6659c89ad45b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F2A17BB3F5162547F3544878DD983A2668397E4311F2F82388E5C6BBCAE9BE5C0A52C4
                                                                                                                                                                                                        Function 004B004E Relevance: .3, Instructions: 280COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 78ecfa83dd800f189432333ce458897e351df573df7f3afa91295a1995ef2da7
                                                                                                                                                                                                        • Instruction ID: 546599cd22675d63d37d7f5739e7c37bf3de201d0e811da77a5988299f295222
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 78ecfa83dd800f189432333ce458897e351df573df7f3afa91295a1995ef2da7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5EA177F3F115250BF3584829CDA83622683D7D4325F2F82398F596BBCADD7E5D0A1288
                                                                                                                                                                                                        Function 0054B034 Relevance: .3, Instructions: 280COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 2a7f9b80cf2215a382d64245e51b9ed592920efdb62735f6ca04262248152522
                                                                                                                                                                                                        • Instruction ID: 96f12e3fe7c8426dd106ae3b6144c54db51133a8eece785f448436cb531cc447
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2a7f9b80cf2215a382d64245e51b9ed592920efdb62735f6ca04262248152522
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CCA1C0B3E112264BF3500E68CC843627693EB95320F2F42788E8C6B7C6DA7E6D4957C4
                                                                                                                                                                                                        Function 004F62D7 Relevance: .3, Instructions: 280COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: e2bbd6070491e62cfa7102e6795909e1d456b4d00cdc35c969894b3f9c5230d3
                                                                                                                                                                                                        • Instruction ID: 868bc2205488dffc7e8ff1b94168cb4b4d37f2f6a642928f8aafda7d60c54d1b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e2bbd6070491e62cfa7102e6795909e1d456b4d00cdc35c969894b3f9c5230d3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 70A1BEB3F1112547F3544D38CC483A27693DB95321F2F82788E58ABBC9DA7EAD0A5384
                                                                                                                                                                                                        Function 0049F314 Relevance: .3, Instructions: 280COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: a2a34846a062ca8fa1bf0f2995137af9cb5ddd29e2dfb971fb29869c3f8e82c1
                                                                                                                                                                                                        • Instruction ID: 7a356bc1aeb06df5874e192081af230b5260c862186ae38d82796cb1e9fa78ac
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a2a34846a062ca8fa1bf0f2995137af9cb5ddd29e2dfb971fb29869c3f8e82c1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F5A199B3F1152547F3544D28CC883A276939B95321F2F42788E5C6BBC6DA3E6C4A93C4
                                                                                                                                                                                                        Function 00532405 Relevance: .3, Instructions: 279COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 13e4ddae425663c2e507e53d016723e285dff6e41ed54ed898b8468ef0811fad
                                                                                                                                                                                                        • Instruction ID: 7b8cfc8cf8e33e270e189c914b782c064c8d69dd519b25be8fd798097e0f18da
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 13e4ddae425663c2e507e53d016723e285dff6e41ed54ed898b8468ef0811fad
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BBA1CCF3F116244BF3444969CC983A27643E795321F2F81788F586BBC6D97EAD0A9384
                                                                                                                                                                                                        Function 0054B4A2 Relevance: .3, Instructions: 279COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 26f0e7c5aa112406ac109c30e89051d00397eac3755345b1fc26e2970fdb7302
                                                                                                                                                                                                        • Instruction ID: 2a481bb5a08a64b2c227c5a94ddd79f02eb256d1921ab97e33843a972d1d144d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 26f0e7c5aa112406ac109c30e89051d00397eac3755345b1fc26e2970fdb7302
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 68A1E0B3F206254BF3444D78CC883A27292DB94315F2F82388F49AB7C6D97EAD495384
                                                                                                                                                                                                        Function 0048F2AA Relevance: .3, Instructions: 277COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 9c4bad35622701c0d076ed2cc7e8c77fe2f843fad54b5de3e8745eb43d3c8ea9
                                                                                                                                                                                                        • Instruction ID: 9b7aca147c592dcdd25d9f833a635cc9dd781f55687f537cd09d8237f4b413f6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9c4bad35622701c0d076ed2cc7e8c77fe2f843fad54b5de3e8745eb43d3c8ea9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B0A1B0B3F1062547F3444928DC943627693DBD9314F2F8278CE48AB7C6DA7EAD0A5384
                                                                                                                                                                                                        Function 004BF145 Relevance: .3, Instructions: 276COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: c303be8752d1c516f12b08c03389e44c95f1d8607c04ef61a7ccd459591d1ed2
                                                                                                                                                                                                        • Instruction ID: d5fa971d7cbb7e7f584482689b1570a9f3aa5b9a57fca351916b3b4578b43d24
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c303be8752d1c516f12b08c03389e44c95f1d8607c04ef61a7ccd459591d1ed2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 83917FB3F116254BF3504D29CC843A27693DBD5320F2F41788A8C9B7C6EA7EAD4A5784
                                                                                                                                                                                                        Function 004B22F2 Relevance: .3, Instructions: 274COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 1552c9ca48a7f2a1595f94f82e23e7368f69bf57596d74586b8762b03d9bc222
                                                                                                                                                                                                        • Instruction ID: bb0a3a618df4117b17935e383874d5b3ebf335745a81a52223325b2506e6d58d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1552c9ca48a7f2a1595f94f82e23e7368f69bf57596d74586b8762b03d9bc222
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2491ACB3E116264BF3504A68CC943A27693AB94320F2F42788D9C6B3C6DA7F6C5587C4
                                                                                                                                                                                                        Function 005000A4 Relevance: .3, Instructions: 273COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 82db57e49a9ab58c6209bed35f34c1b05aa6e6183185f1179d93d91ac73294e1
                                                                                                                                                                                                        • Instruction ID: 2cd7354f1838a9b4f3ec0e4cd5d1e8181b5d60b895ef1d16da26e24498a38cfe
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 82db57e49a9ab58c6209bed35f34c1b05aa6e6183185f1179d93d91ac73294e1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A91BDB3F116254BF3444929CC983A27683DBD5311F2F82388E496B7CAD97EAD0A5384
                                                                                                                                                                                                        Function 004D723F Relevance: .3, Instructions: 272COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 58bc84ff1390c77379ac90cd6b8f7dfa79d3ec6485547d9324bfea0274ebba57
                                                                                                                                                                                                        • Instruction ID: 5fbbb8d24bfa456aca958f483fa8db59446def7cbd9d50282ba020500f974803
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 58bc84ff1390c77379ac90cd6b8f7dfa79d3ec6485547d9324bfea0274ebba57
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8D91BCB3F116254BF3544D29CC583A2B2939BE4320F2F42798E9CAB7C6D97E5C465284
                                                                                                                                                                                                        Function 004D5046 Relevance: .3, Instructions: 271COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: ea25a4fb02bf0182410cc9fd3c581f0a6d9059552f4492ffa502cf9d4ea85927
                                                                                                                                                                                                        • Instruction ID: 360686cccc4855102bc2a7672982b2974bcfede6a11d9d0f52ebe431a374a83e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ea25a4fb02bf0182410cc9fd3c581f0a6d9059552f4492ffa502cf9d4ea85927
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7591ABB3F106244BF3544D29CC983A27683DBD5324F2F82788E986B7C5D97E6D4A5384
                                                                                                                                                                                                        Function 004BB00F Relevance: .3, Instructions: 271COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: b128e9fc7a3544af769192dc17f5837fc9fc9cab64cf42fa24b3614131dcd572
                                                                                                                                                                                                        • Instruction ID: 0f62fc2868e10d3fa344020b09c285dea8c96000781f26ca6498bbf1fd9cbf9a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b128e9fc7a3544af769192dc17f5837fc9fc9cab64cf42fa24b3614131dcd572
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6391ADF7F5062547F3144928DC983A27692DB95320F2F82788F4C2B7CAE97E5D4952C4
                                                                                                                                                                                                        Function 0053F3B9 Relevance: .3, Instructions: 271COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 341e35c75a822141259c0ea369f53f413e4c5c3a4fca8bca2a7c9ac9b430c1a2
                                                                                                                                                                                                        • Instruction ID: de91d6f9aacf24431a044254874ffb3c923fb7d04177aeaad35ab4ac46b31eb3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 341e35c75a822141259c0ea369f53f413e4c5c3a4fca8bca2a7c9ac9b430c1a2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 85919DB3F116214BF3544879CD983A2768397D4325F2F82788E1CAB7C6E9BE5C4A5384
                                                                                                                                                                                                        Function 0054E33D Relevance: .3, Instructions: 270COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: a4c6c4e9f7131492d6cfb75be36518d015acb0ba0638c954ced82fd5419bffbb
                                                                                                                                                                                                        • Instruction ID: 325d8467a682d1c5486956c5d70f0bc0847f2979e50888b2756095083c5e21f0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a4c6c4e9f7131492d6cfb75be36518d015acb0ba0638c954ced82fd5419bffbb
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 489199B3F1162547F3584D28CCA83A27283DB95321F2F827C8E496B7C5E97E6C495284
                                                                                                                                                                                                        Function 00522135 Relevance: .3, Instructions: 269COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: ccb2c19ecbee584dfccfd39557fc6f16266dfff11628f90a0b8498ba628e7965
                                                                                                                                                                                                        • Instruction ID: 750e5a1f47fc5e4f2086f0094009a2b428b6977d6b1862782c31f865c3a69f89
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ccb2c19ecbee584dfccfd39557fc6f16266dfff11628f90a0b8498ba628e7965
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AC919DB3F1162547F3544D28CC583A27693EBD5311F2F81788E49AB7C6DA7EAC0A5384
                                                                                                                                                                                                        Function 004C5353 Relevance: .3, Instructions: 269COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 49eba045bb656f31c310988c1bdf6b23396eb0fa26f072f23f2c5ccd454157e2
                                                                                                                                                                                                        • Instruction ID: 6b20c4e277d3f255e121be3a76cb74b4bf00cb1e5d1faaafa737f1f431280049
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 49eba045bb656f31c310988c1bdf6b23396eb0fa26f072f23f2c5ccd454157e2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DC916CB3F1162547F3544D29CC9836276839BE0321F3F82788A9CAB7C6E97E9D465384
                                                                                                                                                                                                        Function 0053D054 Relevance: .3, Instructions: 266COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 33d8baa72482107342241f5520696076c3e12b9eaf25a737c776b7b406277316
                                                                                                                                                                                                        • Instruction ID: 98a11dd166ab083dbf6ab804da6548a41fe1b595d58ca779290478329c95b53c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 33d8baa72482107342241f5520696076c3e12b9eaf25a737c776b7b406277316
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8C91BFB7F116250BF3544C29CC5836276839BE5325F2F82788E8CAB7C9D97E6C4A4784
                                                                                                                                                                                                        Function 004CA11F Relevance: .3, Instructions: 262COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 8cf662ee01d39492a51d8dbfbad75e76d2b652b2bccf5cec4b271693f373bbb0
                                                                                                                                                                                                        • Instruction ID: ddffdd1ad7c695bdb8da24e1eacf8f1b4255dc49b11a07ec231316ad1c3ace2b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8cf662ee01d39492a51d8dbfbad75e76d2b652b2bccf5cec4b271693f373bbb0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FB9199B7E1162547F3440928CC983A272539BE4324F3F42788E9C6B7C6EA7EAD4657C4
                                                                                                                                                                                                        Function 004DE20E Relevance: .3, Instructions: 262COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 26c780e7a0bb8eeb82ea9acca342c91b77ce9b962a4fec3e37133dd9befb316a
                                                                                                                                                                                                        • Instruction ID: f385c07e019adee39a60370ad18f624425d103cc293c97dfb8c28b9e92f88336
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 26c780e7a0bb8eeb82ea9acca342c91b77ce9b962a4fec3e37133dd9befb316a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F91BBF7F1162547F3544929CC583627693DBE1311F2F82788E48AB7CAE9BE9C0A5384
                                                                                                                                                                                                        Function 005440DD Relevance: .3, Instructions: 261COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 144264a6a243a47a2f89d85394d7bb9a1fee3e3734534977dede4354cb201a5e
                                                                                                                                                                                                        • Instruction ID: cad0bc7578e7837454fd4d729333362a8e0c0dc5d65dbbb672fdade69cf2f21b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 144264a6a243a47a2f89d85394d7bb9a1fee3e3734534977dede4354cb201a5e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6591E0B3E115354BF3644D28CC983A276939B95325F2F82788EAC6B7C5D93E6C0993C4
                                                                                                                                                                                                        Function 004404C6 Relevance: .3, Instructions: 259COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
                                                                                                                                                                                                        • Instruction ID: c107afd89b60039f5438e47561550e5024fee76f81a8dc18e3efa4b5cdb5b24f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C4B17132618FC18AD325CA3D8855397BED25B97334F1C8B9DA1FA8B3E2D674A102C715
                                                                                                                                                                                                        Function 004BC0F3 Relevance: .3, Instructions: 258COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 1dcb63f2884b41ee37dc5a2e0658e80ab22b5f545432b50176585ffde9eb1c1c
                                                                                                                                                                                                        • Instruction ID: 327f63d734b16662915fdafa12d4c6a078071fe2f00be5bb2c9fbc650fe6174a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1dcb63f2884b41ee37dc5a2e0658e80ab22b5f545432b50176585ffde9eb1c1c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 80918BB3F1122547F3544D29CC583A27693DB90321F2F42788E8DABBC9D97E9D4A5388
                                                                                                                                                                                                        Function 004D4316 Relevance: .3, Instructions: 257COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 74cb3eb421a897cfab346f3f43ef333fd2d877871c3f6f370b2bcd13d2710cc8
                                                                                                                                                                                                        • Instruction ID: f85cc7c7f955202f869794beb133373c23afadc40327320e990aac719b74ff5b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 74cb3eb421a897cfab346f3f43ef333fd2d877871c3f6f370b2bcd13d2710cc8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B991ECB3F516214BF3444D68CC943A27293EB95324F2F82388F69AB7C5D97E9C495384
                                                                                                                                                                                                        Function 00546003 Relevance: .3, Instructions: 256COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: a2c1eecd83153be488a158fa1f0c6e192f4657ce462a6409787e8c813d2b85f0
                                                                                                                                                                                                        • Instruction ID: 7cccbf17ac0d0beed960f61d5a7505ef5d76f84e5d6888dbdd0c1523b2ccb271
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a2c1eecd83153be488a158fa1f0c6e192f4657ce462a6409787e8c813d2b85f0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1C91C1B3F106258BF3144E28CC943A27653EB99311F3F41788E486B7C5DA7E6D4A9784
                                                                                                                                                                                                        Function 0052B1D4 Relevance: .3, Instructions: 256COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: b927960fbc2aa38a857e995a91e0d05897d426b741874cfb78f655b5ed9a3b91
                                                                                                                                                                                                        • Instruction ID: 06bc1815135e70ccfd709cc905fa3bbe3ec9ace9a351b6c60b4ea6b28838e66f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b927960fbc2aa38a857e995a91e0d05897d426b741874cfb78f655b5ed9a3b91
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4791B0B3F206254BF3444D38CD983627692EB91314F2F823C8E58AB7C5D97EAD495784
                                                                                                                                                                                                        Function 004AA3AC Relevance: .3, Instructions: 256COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: db395919b1bfec116d4b0f136b19ffb4bd36795e8c429d5b96b96692fd5db111
                                                                                                                                                                                                        • Instruction ID: 9ffa3c2799b40ea8947c4f09c79c88064e00125c21ab8f0c38c0cf856ece704a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: db395919b1bfec116d4b0f136b19ffb4bd36795e8c429d5b96b96692fd5db111
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A391BDB3F5062547F3944D69CC983A272929B94314F2F423C8E8CAB7C5E97F6C4A5784
                                                                                                                                                                                                        Function 004BB47A Relevance: .3, Instructions: 255COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: b6c2658423260bb6d938c5868500c4362f9f14569ccb7b9ee216c93cad0ab03a
                                                                                                                                                                                                        • Instruction ID: e5f30a5cf59735226e29c811c6af7d392534c60e8afc82b6b2796b416f085f73
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b6c2658423260bb6d938c5868500c4362f9f14569ccb7b9ee216c93cad0ab03a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9591AC73F102258BF3144E29CC943A27692EB95320F2F423C8E996B3C1DA7E6C4A5784
                                                                                                                                                                                                        Function 005271F9 Relevance: .3, Instructions: 253COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 8369b0ad895eaea42f3549235acf2f3813c4a7c1a262e830cee2ed0f0b50ff5b
                                                                                                                                                                                                        • Instruction ID: 00a916ecf6cebe89be06a14edd94ddcb7d44d40d7b4d8c994b3e45090182c88d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8369b0ad895eaea42f3549235acf2f3813c4a7c1a262e830cee2ed0f0b50ff5b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1691D0B3F0162547F3444D28CC983A27693EBD5310F2F41388B899B7C1DABEAD4A9784
                                                                                                                                                                                                        Function 0051556B Relevance: .3, Instructions: 251COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 787dd8124fc458ba62357266b2718ebbee6c93743eadf3aef2bb45bfe0fa35fa
                                                                                                                                                                                                        • Instruction ID: 3cc7893ce20423af85b603d5ab9b078475f24a6018d1f33bbfb4fbf04ede9447
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 787dd8124fc458ba62357266b2718ebbee6c93743eadf3aef2bb45bfe0fa35fa
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B891ACB3E1162547F3644D29CC983A276939BE0320F2F427C8E8C6B7C2D97E6D865384
                                                                                                                                                                                                        Function 00460460 Relevance: .2, Instructions: 250COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 676c01635ce5263ac5f756889b895547b6d8405124469a003d32e1b8ae28e6b1
                                                                                                                                                                                                        • Instruction ID: 249e8f5e672ec0f036de5a1683057d7f01ca7045496dad0e2b24113c43cb0564
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 676c01635ce5263ac5f756889b895547b6d8405124469a003d32e1b8ae28e6b1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E66115356083019BD7159F18C89063FB3A2EBC5720F19852EE9858B3A1FB34DC61878B
                                                                                                                                                                                                        Function 00516003 Relevance: .2, Instructions: 249COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 2e4783bc1329e3884c9315207fd95f2e8ed3f3738daaca43fb97674aa9ab403b
                                                                                                                                                                                                        • Instruction ID: b5fdc036e452da02a416150e9dbe31eb2ad7fc8360b7969ed6632bf321fd36e9
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2e4783bc1329e3884c9315207fd95f2e8ed3f3738daaca43fb97674aa9ab403b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A918CB3F1162147F3544D79DC883A27682EBA1321F2F42788F9C6B7C5D9BE5C4A4288
                                                                                                                                                                                                        Function 00498430 Relevance: .2, Instructions: 249COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 17c84fc526c6ffb2adf43be5401a31a91b3dffc5ea350160e08ee866db3a597a
                                                                                                                                                                                                        • Instruction ID: 1fac812e5d3b562cf73a0dad65b6f879f29ffd56ed553b7fe7977d2413898a1c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 17c84fc526c6ffb2adf43be5401a31a91b3dffc5ea350160e08ee866db3a597a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 69819DF3F106254BF3584878CC683A66583DBE5324F2F82388F59AB7C6D97E9D464284
                                                                                                                                                                                                        Function 004A908B Relevance: .2, Instructions: 247COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: c9d1bfb5f5c82174662b3be9ef1f6af2cae23961ef893648cef7290bdf3bd6cb
                                                                                                                                                                                                        • Instruction ID: 431439d49e5ec1beded9e53af7a2c960e613170876757007e638006910dd2087
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c9d1bfb5f5c82174662b3be9ef1f6af2cae23961ef893648cef7290bdf3bd6cb
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A816073F1122587F3544E68CC943A27293EB95310F2F4178CE886B7C5EA7EAD4A9784
                                                                                                                                                                                                        Function 0050A567 Relevance: .2, Instructions: 247COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 9af9802b1118df1dbd804502e23343cfa50b0771bb80d05cdf48e0a950e95226
                                                                                                                                                                                                        • Instruction ID: 0df0563251f180eea4f1b2315e05253c043491de73ba856dedb511e68f70d88e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9af9802b1118df1dbd804502e23343cfa50b0771bb80d05cdf48e0a950e95226
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9C8180F3F2162547F3444839CD583627683DB91325F2F82388A59AB7C9D9BE9D0A5384
                                                                                                                                                                                                        Function 005A42EC Relevance: .2, Instructions: 246COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: ccccdb8f42230620b9d5cdd31d0a7c2707c36eb3a38ef3e7651a8ab034d5aeae
                                                                                                                                                                                                        • Instruction ID: 223e70c399029fc13b4085dbddf96e70edc9d5f4293ab8985183bca1ea135b53
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ccccdb8f42230620b9d5cdd31d0a7c2707c36eb3a38ef3e7651a8ab034d5aeae
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9671F5F3E083205BF3105A2DDC8476AB6D6DBD4720F2B453DEAC897785E5799C018682
                                                                                                                                                                                                        Function 005391EC Relevance: .2, Instructions: 244COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 28765e51314908ce13ae376caf04fd972d31313a6ee66cb5e2a1295acfad1712
                                                                                                                                                                                                        • Instruction ID: 9a615edc9b678fd342bc4ba2723e25d8611c49f282a11854673834ac4a05715a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 28765e51314908ce13ae376caf04fd972d31313a6ee66cb5e2a1295acfad1712
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7381BEB3F106254BF3504D78CC983A27693EB95310F2F42788E486B7CAE97E6D4A5384
                                                                                                                                                                                                        Function 004BA3D1 Relevance: .2, Instructions: 242COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 64ec4c57aa69a0466e5c66472a3206907292a2654a863016ee967ac9a0d23f1b
                                                                                                                                                                                                        • Instruction ID: 4f2c7700fd058748c7fb98f8f48c59aeed4c39aede82bb2b02883a34e54cb188
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 64ec4c57aa69a0466e5c66472a3206907292a2654a863016ee967ac9a0d23f1b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5181B1F3F1162547F3544929CC483627693DBE4321F2F81788E4CABBCAE97E9D0A5284
                                                                                                                                                                                                        Function 004F119A Relevance: .2, Instructions: 241COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 2f2a3537bbf01e38926165127b67635f178fe5b61cbeb1206772e4ba73057634
                                                                                                                                                                                                        • Instruction ID: 320e102121c90fdd7dbd190b3761e8adae9778175a982c291d87d733a4742183
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2f2a3537bbf01e38926165127b67635f178fe5b61cbeb1206772e4ba73057634
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BC8169B3E1062547F3544D29CC583A2B253ABD1324F2F42788E9C6B7C1D97F6D4A9788
                                                                                                                                                                                                        Function 0054A3EE Relevance: .2, Instructions: 237COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: a2bebca6f841417e49f463f8f5ff545ba7adea31b139e30393c824056597c82b
                                                                                                                                                                                                        • Instruction ID: d2f39f213041eea6dc58769543207c015b3d32abf5d1a2728b140dc42c85a856
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a2bebca6f841417e49f463f8f5ff545ba7adea31b139e30393c824056597c82b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AE81F0B3F5162447F3544929DC983A276839BD5324F2F82388E5C6B7C6DEBE5C0A5384
                                                                                                                                                                                                        Function 004DD055 Relevance: .2, Instructions: 236COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: ea8f231485e4e0495cacb5beee8fb090f2618214cd16f222c3d95e18a8244db6
                                                                                                                                                                                                        • Instruction ID: a35746da7d3d88599e63dd5f1f749f031c52b1afa6f49298edbeaa09bc2f9998
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ea8f231485e4e0495cacb5beee8fb090f2618214cd16f222c3d95e18a8244db6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D88181B3F1162547F3544D68CC9839276939B94724F2F42388E5CAB3C5EA7EAD0A53C4
                                                                                                                                                                                                        Function 005051F7 Relevance: .2, Instructions: 234COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: f4596933b9c1b12ed6aa934d14940771a7818432d32c5af809ffd5aa7f7b5f19
                                                                                                                                                                                                        • Instruction ID: 442334b360474f0bd0819c6800ce4f99e68b5a3895040e670070ec0b6199dcdd
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f4596933b9c1b12ed6aa934d14940771a7818432d32c5af809ffd5aa7f7b5f19
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E6819DF3F1062647F3484979CD9836276939794321F2F42788F4CAB7C9D97E9D0A4288
                                                                                                                                                                                                        Function 0051B319 Relevance: .2, Instructions: 234COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 396ec826b0b54ac26be6e3e4ebee8a3d82fb5350947922614dc1f8c291661189
                                                                                                                                                                                                        • Instruction ID: d49270c8e815cb4c9e95dacc9a917d1e0289afb3d1fffedb42e11941c8695716
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 396ec826b0b54ac26be6e3e4ebee8a3d82fb5350947922614dc1f8c291661189
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0F8179B3F2162547F3584C38CC683A265839B95321F2F82788F9D6B7C6E97E5C495384
                                                                                                                                                                                                        Function 004B528A Relevance: .2, Instructions: 233COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 69d2afc41cb80780a292b265e790769be5bbeeff8d34e4ce69cc5c171e03c568
                                                                                                                                                                                                        • Instruction ID: 57ab85844cd03ea0a3bb8440ed59ed2dce7b196b96aafcd92f50fdf2af8f1833
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 69d2afc41cb80780a292b265e790769be5bbeeff8d34e4ce69cc5c171e03c568
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3F81ABB3F116244BF3544D28CC58362B692AB95320F2F827C8E8D6B7C5DA7E6D0997C4
                                                                                                                                                                                                        Function 0052A058 Relevance: .2, Instructions: 232COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: e36866ac0cfc3997391bd44725061f06bc6605cfd776864f5842193113cb2f4e
                                                                                                                                                                                                        • Instruction ID: 511d2af1f7120ac77c6b5af1bb1c13e42e08bc3e78e7a3d0509c597b94953870
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e36866ac0cfc3997391bd44725061f06bc6605cfd776864f5842193113cb2f4e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DC81AEB3F5152547F3484935CC583A27643DBD0311F2F82388E996BBC9D9BEAD4A5384
                                                                                                                                                                                                        Function 004C61FB Relevance: .2, Instructions: 232COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 6ccd44a0642148b0b4a786c8640dedcc302f88c38416f0aaca2ab70f98c6a732
                                                                                                                                                                                                        • Instruction ID: f7c24d7a42207ba6cdcc8fdbe806162f2d693f7f532709ba33241c82ae6b2d29
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6ccd44a0642148b0b4a786c8640dedcc302f88c38416f0aaca2ab70f98c6a732
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E681ABF3F1162547F3544838DC883A275939BE0315F2F82788E4C6B7CAE9BE5D0A5288
                                                                                                                                                                                                        Function 0051C229 Relevance: .2, Instructions: 231COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: bd2221eac2dd600950a565616c34e3b13d1be29c5f3ba352560e15f0dba76159
                                                                                                                                                                                                        • Instruction ID: 331310f6bdc37655d9e707670dd500e80639abdb47ea0eb17a248c2971291b13
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bd2221eac2dd600950a565616c34e3b13d1be29c5f3ba352560e15f0dba76159
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A81BFB7F115254BF3444D28CC543A2B293EBA4325F2F41788E5CAB7C1DA7EAD455384
                                                                                                                                                                                                        Function 004EE16D Relevance: .2, Instructions: 229COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: fa765ce19a5a0c864f2b2b32cdf867efc8d9452e3a9e66eeda3f96d545aa7e32
                                                                                                                                                                                                        • Instruction ID: 87b7ec83028be9bbfc701d8d05ef25f09a097521ce6b60943da3dd7daa3f318a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: fa765ce19a5a0c864f2b2b32cdf867efc8d9452e3a9e66eeda3f96d545aa7e32
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E481D4B3F116244BF3504E28CC943627293DBD1311F2F42788E98AB7C6EA7EAC095784
                                                                                                                                                                                                        Function 004EA179 Relevance: .2, Instructions: 229COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 80a08a127d13b9171aadbeded9902ddddfe7d8b7d2569c19040286a287983317
                                                                                                                                                                                                        • Instruction ID: eb69aee67d7afc0463940e0977948b77a5a679975cb6d58ecf71e59bfd34a412
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 80a08a127d13b9171aadbeded9902ddddfe7d8b7d2569c19040286a287983317
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A1818CB7F112254BF3444929CC983A27693EBD4321F3F41388E486B7C6DA7E6D4A9784
                                                                                                                                                                                                        Function 004E5446 Relevance: .2, Instructions: 229COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: ff53d2ad25476a3fc55348dca36aee9667b1a0350870fa9e87a7c6053b4fdac3
                                                                                                                                                                                                        • Instruction ID: 169443b9bf3eef2bfbced66fb482c9d3d3cdbe88a6383b04929c493e04bef973
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ff53d2ad25476a3fc55348dca36aee9667b1a0350870fa9e87a7c6053b4fdac3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 43818DB7F106248BF3144E29DC983A27693EBA4314F2F41788E8C6B3C5DA7F2D459684
                                                                                                                                                                                                        Function 0048122A Relevance: .2, Instructions: 228COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 5897bc2b54f1acf65cfbe995d3fd8563f514a14c0b99598c17c598cbb1819f85
                                                                                                                                                                                                        • Instruction ID: 2ef7793f46879383e7da788262492c83e88059a68696760c60879490193e71b4
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5897bc2b54f1acf65cfbe995d3fd8563f514a14c0b99598c17c598cbb1819f85
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 84818FB3F1062547F3544D28CC983A27692DB95311F2F42788E8CAB7D2D97E6D4953C4
                                                                                                                                                                                                        Function 005102D0 Relevance: .2, Instructions: 228COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 165773cc474e97882114feeaa22b4ae7f73b98b0473730342097c396e73a9f0d
                                                                                                                                                                                                        • Instruction ID: fc0f9e71e89c4ef9fedd3caaf2b82f0bce0b798b4958e5a4dc3ff03dfbb5b49f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 165773cc474e97882114feeaa22b4ae7f73b98b0473730342097c396e73a9f0d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5D71ADB3F116254BF3480D79CD983A275839BE5311F2F42388F589BBCAD97E9D0A5284
                                                                                                                                                                                                        Function 0054211E Relevance: .2, Instructions: 227COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 2d99316c4948d7b58444e7ca9d6a97c12be86a5d0e80873ecd5eb37e98bf48d5
                                                                                                                                                                                                        • Instruction ID: afc0afa34adefa656653f9d74868aa5153f2684d5d015dcd00984c8ed1fcd266
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2d99316c4948d7b58444e7ca9d6a97c12be86a5d0e80873ecd5eb37e98bf48d5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 64719FB7F106244BF3504E68DC943A27253EB95320F2F41788E886B3C2DA7F6D499784
                                                                                                                                                                                                        Function 005190CE Relevance: .2, Instructions: 225COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 5cde41d82af074d5caba148dc30716df4d1bd7ba3a5b580d352de8723021dea8
                                                                                                                                                                                                        • Instruction ID: e7e5996e26a925e1808862fb2525bff4176fd84f2065d70b906f7efae38c7251
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5cde41d82af074d5caba148dc30716df4d1bd7ba3a5b580d352de8723021dea8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F571CEB3F116214BF3548929CC983A276939BE4314F2F81788F4D6B7C6D97E6D0A5384
                                                                                                                                                                                                        Function 004DB0F7 Relevance: .2, Instructions: 225COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 9ba2013f8d99865c25f833d7253d01148dbdfc5ba2a7ff4f277b9297924da292
                                                                                                                                                                                                        • Instruction ID: 3566bcd117b83e1bde7e33b20aa9e6de5f29ce984ba440bb209ce2fcbc241e59
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9ba2013f8d99865c25f833d7253d01148dbdfc5ba2a7ff4f277b9297924da292
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8971B1B3F2162547F3540D29CC943A27693E7D1320F2F82788A699B7C5DD7EAD0A5384
                                                                                                                                                                                                        Function 00488301 Relevance: .2, Instructions: 221COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 979bfbfc678ceb9d9cb5b6d0fb41c0e080d11e67f267f00a453d504a876a0e2c
                                                                                                                                                                                                        • Instruction ID: e35ee13bdf08090695a17874c7d0fc105a4454d736d0faa98e63cb0062b6079b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 979bfbfc678ceb9d9cb5b6d0fb41c0e080d11e67f267f00a453d504a876a0e2c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4471BCF3F1162547F3444868CC983A27683DBE5314F2F42388F28AB7CAD97E9D0A5284
                                                                                                                                                                                                        Function 004A14DF Relevance: .2, Instructions: 219COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 222a3c4c3a99db45c36e34a0f61c5c2d92dc6074b0413595c7ebbc8809febb11
                                                                                                                                                                                                        • Instruction ID: 68947457a9b278eeb9c1f95ef21c1f7b77640cfcaa5d782b19c2b7c555bcd053
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 222a3c4c3a99db45c36e34a0f61c5c2d92dc6074b0413595c7ebbc8809febb11
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3971D5B3F116254BF3544D29CC943A27693DBD9311F2F42388E48AB7C6DA7E6D0A5384
                                                                                                                                                                                                        Function 00520341 Relevance: .2, Instructions: 218COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 08060719c9fa66e23100ea1cf8790b20930b965f138547fa9e2b3787a710150a
                                                                                                                                                                                                        • Instruction ID: e4b15cb34a8c5edec877a52c0d946ecaf8bdc33f199c92148c47fd4406eb7b33
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 08060719c9fa66e23100ea1cf8790b20930b965f138547fa9e2b3787a710150a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4771CDB3F112254BF3540D28CC983A27693ABD5315F2F42788E8C6B7C6D97E2C499784
                                                                                                                                                                                                        Function 004CC1F9 Relevance: .2, Instructions: 215COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 1bfe2f518f4d3e59035806ec6ef1750fc36b6d74f290645d729005e51ff4a413
                                                                                                                                                                                                        • Instruction ID: f432ed03d770e21ef9335c0184b4beefc6e293f22ec75240f2ddedd682de2c6a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1bfe2f518f4d3e59035806ec6ef1750fc36b6d74f290645d729005e51ff4a413
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2F71B0B3F2162547F3504D38CC883A27293DB95325F2F42388E6CAB7C5D97EAD465288
                                                                                                                                                                                                        Function 004CC565 Relevance: .2, Instructions: 215COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: f7ded544c86e8c93d8e654a1767398911ec53c6a57c14261e979e6f8ee8087c2
                                                                                                                                                                                                        • Instruction ID: 6ffde98a6b6fbf0cb57c4ebf87cc1cdd319757090bfb5adcd5400eee131b800f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f7ded544c86e8c93d8e654a1767398911ec53c6a57c14261e979e6f8ee8087c2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 37716DB3F116254BF3504D29CC943627293DBA5321F2F42788E9C6B7C6DA7E6C0A5284
                                                                                                                                                                                                        Function 004D5490 Relevance: .2, Instructions: 214COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: bf2377ec905f2751a77e19de09bafcd4b8578b859e762b0d265c2cd2daf797ec
                                                                                                                                                                                                        • Instruction ID: 03453dd896823894bbc45221d52b5804553f8e0fc03c900fa578915a29c30c7d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bf2377ec905f2751a77e19de09bafcd4b8578b859e762b0d265c2cd2daf797ec
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3B71B2B3F111258BF3444E28CC943A2B762EB99310F2F4178CE995B3C5DA7E6C59A784
                                                                                                                                                                                                        Function 005484A0 Relevance: .2, Instructions: 214COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: d63c09012f0fbad2cc0ff84330c2d17ca28b7523fa9df4f56015bbdf3b0ba069
                                                                                                                                                                                                        • Instruction ID: d781b98228d1f74e10fb5ef88d60ddc5a1a89ada676f8d9ebc6a962764c09002
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d63c09012f0fbad2cc0ff84330c2d17ca28b7523fa9df4f56015bbdf3b0ba069
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9171B1F3F1162547F3144828CC583627583DBE1325F2F82788E4CABBC9D97EAD4A4284
                                                                                                                                                                                                        Function 004F8208 Relevance: .2, Instructions: 210COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: c269148bb743f39be80b5dcc93051a3d2491b427fddf6c63e772b64cccbfd534
                                                                                                                                                                                                        • Instruction ID: 9b88621861f02dbe9529aa75c0bfecc82f9be3adffc8461469915caa02cc4110
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c269148bb743f39be80b5dcc93051a3d2491b427fddf6c63e772b64cccbfd534
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BA71AFB3F116244BF3844968CD993A27292EB95310F2F42788F58AB7C5D97EAD0953C8
                                                                                                                                                                                                        Function 00534206 Relevance: .2, Instructions: 210COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 32eee787d8a74606db843b0915c3003d9e9baea165d1012a5b62d5f465ed3dd1
                                                                                                                                                                                                        • Instruction ID: 0a716e10ed47317aa6026bbc5ebd11695ed16530b514da16ab92344c0e594036
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 32eee787d8a74606db843b0915c3003d9e9baea165d1012a5b62d5f465ed3dd1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7D719AB7F1162547F3544879CCA83A266838BD0324F2F82788F5D2B7CAE97E5C0A4284
                                                                                                                                                                                                        Function 00545170 Relevance: .2, Instructions: 208COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: cf14a4cdba9f7f5505a0e307e8dabf2576a1d5ffd083936f032cabb6db598d55
                                                                                                                                                                                                        • Instruction ID: 0c5144bbf9895c62a4db01c570545c2fa9d686d9ea7df6e479adef87e26ae499
                                                                                                                                                                                                        • Opcode Fuzzy Hash: cf14a4cdba9f7f5505a0e307e8dabf2576a1d5ffd083936f032cabb6db598d55
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A37179B3F106248BF3544E29CC943A27252EB85314F2F81788E496B7C6DA7F6D499784
                                                                                                                                                                                                        Function 00548158 Relevance: .2, Instructions: 205COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: fc62af54a3159dddf80387c5b7fc00a4d0953ffcaf97bffd914ad6e8c3493d90
                                                                                                                                                                                                        • Instruction ID: 8743ed218c2d0b3673ca552220af0a150067c7847dba54b8cc54d122d5099106
                                                                                                                                                                                                        • Opcode Fuzzy Hash: fc62af54a3159dddf80387c5b7fc00a4d0953ffcaf97bffd914ad6e8c3493d90
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6461EFB3F116244BF3584D68CCA83627692E795311F2F42388B4DAB7C6D97E6C4A5384
                                                                                                                                                                                                        Function 0052101E Relevance: .2, Instructions: 199COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 92293e4ebef7b5b1e13e0cb614ae2230a1b6b260fc9e29f67f1825769a04b9d0
                                                                                                                                                                                                        • Instruction ID: d3bf4e3b315702254959a97017594b0b3e6928015d3256c4ff1b28878b703b00
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 92293e4ebef7b5b1e13e0cb614ae2230a1b6b260fc9e29f67f1825769a04b9d0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A361C0B3F1162147F3504D79CC893A27292DB95314F2F02788F0CAB3C6D97EAD4A5288
                                                                                                                                                                                                        Function 00488006 Relevance: .2, Instructions: 196COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: ace1fd5b7b68c7723e494f5d00707f131224f3983b05cfe3b8a1bdfbe1a3a491
                                                                                                                                                                                                        • Instruction ID: 0658c9513aaf57d0cce530483b09e0dbb990b7c9764f2794dd9cf3a64e68eeed
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ace1fd5b7b68c7723e494f5d00707f131224f3983b05cfe3b8a1bdfbe1a3a491
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 95619DB3F1062447F3544D29CCA43A27292DBA5721F2F827C8F596B3C6D97E6C0A5784
                                                                                                                                                                                                        Function 004890CB Relevance: .2, Instructions: 195COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 0d3d7177ea05e91b65bf78bc50e9d5c51e45f46ced4fb3ba0414b325cfc02e1f
                                                                                                                                                                                                        • Instruction ID: f116483469a011f3a49355d4fac027452392e61e50a5f2b6b9ba99d2daff1611
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0d3d7177ea05e91b65bf78bc50e9d5c51e45f46ced4fb3ba0414b325cfc02e1f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1061AFB3F1162547F3504D29CC943A27293EBD5310F2F42788E986B7C6D93E6D4A9384
                                                                                                                                                                                                        Function 005472D6 Relevance: .2, Instructions: 195COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: c374e458dbe535df9eebebe24587339561ddaf98d9d1fa4edb33881b30b7f85d
                                                                                                                                                                                                        • Instruction ID: d613ec0de04ba6621d7d0e76e38a3bd67460cd72a50f29a3c7c76f8a2e968963
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c374e458dbe535df9eebebe24587339561ddaf98d9d1fa4edb33881b30b7f85d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3061A8B3F115244BF3184D38CD983A27A539BD5310F2B827C8B496BBCAD97E6D4A5284
                                                                                                                                                                                                        Function 0050926D Relevance: .2, Instructions: 193COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 16e61125b82a4e24fd8bad981c4484832b0922913b3589623b3866063a3b62e2
                                                                                                                                                                                                        • Instruction ID: c99b4337407d159c57a95c715509966e6dbc4f07ef13d698e4025764d8942542
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16e61125b82a4e24fd8bad981c4484832b0922913b3589623b3866063a3b62e2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7D61DDB3F1162587F3500D38CC543A27653DB95321F3F42388E686B7C9EA7E6D0A5284
                                                                                                                                                                                                        Function 00511460 Relevance: .2, Instructions: 193COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: a2596e25aa011cc67555459f3456cfddd59afd5d2cef0e3c192645c697e94eef
                                                                                                                                                                                                        • Instruction ID: 8d24a74e09a2c56eb836d9684f128dc04f22956b8740634951f05c8acc516cb5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a2596e25aa011cc67555459f3456cfddd59afd5d2cef0e3c192645c697e94eef
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1561DDB3F112254BF3540978CD583A276939BE5320F2F42788E4C6B7C9EABE5D4A52C4
                                                                                                                                                                                                        Function 004ED263 Relevance: .2, Instructions: 183COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: b836285cbf7bc7d9ae66d40102d9e8b22104f2fd402c6c3693f55702a569c261
                                                                                                                                                                                                        • Instruction ID: 5066fc2c75d4a5ef4a3aba63f85c79bb897e33a952857f2885f13d9dc0d05d7d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b836285cbf7bc7d9ae66d40102d9e8b22104f2fd402c6c3693f55702a569c261
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 34618CB3F2162547F3540D28CC583A27643DBD1321F2F82388E596B7CAEA7E9D095388
                                                                                                                                                                                                        Function 005120D1 Relevance: .2, Instructions: 182COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: b131ee0b6e2e19f6d936b71468bc84e62b52d3579ec635e8cea1d048ba5756db
                                                                                                                                                                                                        • Instruction ID: 2507c8193a279b18faee06b7fabe3eea532a7acb1effc6bb4b8772441e3d8130
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b131ee0b6e2e19f6d936b71468bc84e62b52d3579ec635e8cea1d048ba5756db
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B5519DF7F2162447F3444928CC983A27293EBA5315F2F82788F5C6B7C5E97E6C4A5284
                                                                                                                                                                                                        Function 004DF42E Relevance: .2, Instructions: 179COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 87d36f0c5e90b0270f9efdc020346ed38ef44a4c1c5fdf43e95b0173e6aeceba
                                                                                                                                                                                                        • Instruction ID: 95a9e562a06dcb41fd1c84a240eecb91879c53a8ffdd7b03ab4f014bd2713b5d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 87d36f0c5e90b0270f9efdc020346ed38ef44a4c1c5fdf43e95b0173e6aeceba
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D0518EB3F102244BF3484D29CC683627693EBD1314F2F417C8A8A6B7C5D97E6C0A5784
                                                                                                                                                                                                        Function 0053F0C4 Relevance: .2, Instructions: 177COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 53af266de8d0f951444633dc54786dd6c932d5234421103da0ab8e239246f8e1
                                                                                                                                                                                                        • Instruction ID: 2c7767c0400f6efb8860471a04765f312e13faa972bc38b9f53d7dd0a18376eb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 53af266de8d0f951444633dc54786dd6c932d5234421103da0ab8e239246f8e1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E4516CF3F1162187F3444A28DC943527693EB95324F2F8178CA486B7C6EABF5D4A4788
                                                                                                                                                                                                        Function 00520091 Relevance: .2, Instructions: 176COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 35605e2ff590a805b9788764e39e998cc5dd61b056753d348a92a9decf65a936
                                                                                                                                                                                                        • Instruction ID: 0566f5f0ef8acc2d081f3bf03a31ffb7a29b9956f3caec7a32810db838899821
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 35605e2ff590a805b9788764e39e998cc5dd61b056753d348a92a9decf65a936
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 885171B3F1022547F3504D39CC983A27692EB95311F2F42788E8CAB7C5DA7E6D4A9784
                                                                                                                                                                                                        Function 00513303 Relevance: .2, Instructions: 176COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 5a9091f0bf580eb3e0f3f33ce760b965ed4781d82c62ef5aec423f23d2ce5bdc
                                                                                                                                                                                                        • Instruction ID: c8604e47db20f90b0e259ea788e093c03ab9f84316befae159d9d8875695c2f6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5a9091f0bf580eb3e0f3f33ce760b965ed4781d82c62ef5aec423f23d2ce5bdc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6B51ADB3F1122547F3004E28CC943627653EB95325F2F42788E5C6B7C9DA7EAD4A52C4
                                                                                                                                                                                                        Function 0044F377 Relevance: .2, Instructions: 173COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: eaaa09c76cd3209a98536f58cd079e885f65fe30591bbe336896aad8c74d5fe8
                                                                                                                                                                                                        • Instruction ID: 64affbce5e40ef5c0482bc6d3a878316e9ddbc92d8d3e81ea3c1f4ac7e30a6ac
                                                                                                                                                                                                        • Opcode Fuzzy Hash: eaaa09c76cd3209a98536f58cd079e885f65fe30591bbe336896aad8c74d5fe8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BD61F872744B418FD728CE38C8953E7BBD2AB85314F198A3DD4BBCB395EA78A4058705
                                                                                                                                                                                                        Function 0045F18B Relevance: .2, Instructions: 163COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 0c82f59e4334721e7ea14cb907963738a1010ab5f3d0998917059c143daad0fb
                                                                                                                                                                                                        • Instruction ID: d39c9f565bb1ab295209e8fd44c935ba4cd3516ac6a2fdef8ec0fb6cb7ffd8ae
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c82f59e4334721e7ea14cb907963738a1010ab5f3d0998917059c143daad0fb
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B44107727187514BD718CE38889117BFBD69BDA301F1D887EDCC2C7286D529E90E8B86
                                                                                                                                                                                                        Function 004A127D Relevance: .2, Instructions: 160COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: ac5fecdadd8dc301beb5a5fb17c48b4fdabec3587d48163e10cebc4d27805674
                                                                                                                                                                                                        • Instruction ID: d55be3f0ce77678987654f4e69395a9913e5783d37aa9e38467b5a8e56979e9f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ac5fecdadd8dc301beb5a5fb17c48b4fdabec3587d48163e10cebc4d27805674
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5D51B5B3F106244BF3508D29CC943A27293EB95310F1F8178CE48AB7D9DA7E6D4A6784
                                                                                                                                                                                                        Function 005C031E Relevance: .2, Instructions: 160COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: b23cd5e0a3c9e4b94656f9116fbd7a6638d4e6f67c30fcd6d51919df776fcde4
                                                                                                                                                                                                        • Instruction ID: 2f163506927775858608f6260954e45e4aeffa96584108ee8bac58aa067ccb2d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b23cd5e0a3c9e4b94656f9116fbd7a6638d4e6f67c30fcd6d51919df776fcde4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 324168B3B181245BF304AE3DED487A6BAD6DBC4320F15873DEB95C37C8D57988098682
                                                                                                                                                                                                        Function 005030E1 Relevance: .2, Instructions: 159COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: c2960e8b44964b8f9f6e7359fd9586ca8252d3ace623e56b34d33151ba0e416f
                                                                                                                                                                                                        • Instruction ID: 7c7cbf61787b4149d4a361e8efa548b380a74233b2f7b59916e169e6583e5d64
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c2960e8b44964b8f9f6e7359fd9586ca8252d3ace623e56b34d33151ba0e416f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 00519BB3F506254BF34409B8CDA83A27553DBD5310F2F42388E5D9BBC5C9BE9D0A5284
                                                                                                                                                                                                        Function 004A2287 Relevance: .2, Instructions: 159COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 79243495569f60cba4887999a99bd4a3f5e473747359958e6cc2d00365b69588
                                                                                                                                                                                                        • Instruction ID: 7674ced471e7d3a74c31169e32a96f8946476fe649f57f1407987fb1ab47698b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 79243495569f60cba4887999a99bd4a3f5e473747359958e6cc2d00365b69588
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B5516EB7E1162947F3500D28CC583A27253E7E4315F2F41388E8C6B7C6EA7EAD4A5784
                                                                                                                                                                                                        Function 00540012 Relevance: .1, Instructions: 144COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 427f84b85db5cda5c2b5db937b30e8b1ced237c2f8ab37ebe1b92f4c9ecbe3e7
                                                                                                                                                                                                        • Instruction ID: 0a28b2f22c6dfb5e24dd7262978c633f365ae839eca857fe50c17ee7129d333d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 427f84b85db5cda5c2b5db937b30e8b1ced237c2f8ab37ebe1b92f4c9ecbe3e7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D341A9B7F205254BF3584D29CD183A27293AB94310F2F413C8F8DA77C5DA7EAD4A5688
                                                                                                                                                                                                        Function 004D101B Relevance: .1, Instructions: 144COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 81e60323c361be568626bf0ac1f88ba4a78eb998b4f02349a63066088f6f7f9f
                                                                                                                                                                                                        • Instruction ID: 2423a3312ae9e6b17af870d11a8633af138d55f537d663a3ac67114fa8a87ed0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 81e60323c361be568626bf0ac1f88ba4a78eb998b4f02349a63066088f6f7f9f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 685149F7F1162447F3540929CC683A27252ABA1325F2F41788F4D6B7C1E97EAD0A67C8
                                                                                                                                                                                                        Function 0052C38D Relevance: .1, Instructions: 142COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 68a21a11da30b7425dbc3a46380dca5dd23027f310afaac389a34d33d504ce95
                                                                                                                                                                                                        • Instruction ID: 6f0defc1fedf3fe460af12ef08c73fb1d4a4fdc0efef42765281a944f5965a97
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 68a21a11da30b7425dbc3a46380dca5dd23027f310afaac389a34d33d504ce95
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F41C1B3F116254BF3504D78CC583A2B283ABD5321F2F81788E5CA7BC5EA7E5D4A5284
                                                                                                                                                                                                        Function 004EE4FE Relevance: .1, Instructions: 141COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: ffc7d4b11ec4026ec84cf90e6a7ead49210aeaa09a2e6191ef827450f502b733
                                                                                                                                                                                                        • Instruction ID: 1e2dc9004dc3e78ddd70a1f8b6477a38156c7560047c435acf75b865efc76e67
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ffc7d4b11ec4026ec84cf90e6a7ead49210aeaa09a2e6191ef827450f502b733
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7C41A4B3F216258BF3444E68CC943A27352EB95311F2F42788F589B3C5D6BEAC499784
                                                                                                                                                                                                        Function 005380CA Relevance: .1, Instructions: 122COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 4340c7896241dc710b37a4700b44690900f4ea0ef363df03bcac7ed39bc2ce3b
                                                                                                                                                                                                        • Instruction ID: 37f7b9cbba44758652cbaa2eddf783e3df92e4a7dc8c233b6ccbc16c8d6d7a77
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4340c7896241dc710b37a4700b44690900f4ea0ef363df03bcac7ed39bc2ce3b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E7419CB3E116248BF3144E29CC55362B3A2EBD4314F2F81788A896B7C5DA7E6C469784
                                                                                                                                                                                                        Function 005173EA Relevance: .1, Instructions: 122COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 107312ad63b876172c60d65fa95a725964a7ba4db9be01b6d0ddda5cbee63781
                                                                                                                                                                                                        • Instruction ID: 723845d1b334f1cad540c7b0bb58509764e1236aa96d42e128c8405913e6cfef
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 107312ad63b876172c60d65fa95a725964a7ba4db9be01b6d0ddda5cbee63781
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7A418BB7E209254BF3584D29CC083A27293E7D4310F2F817C8E49AB3D5DE7EAD465684
                                                                                                                                                                                                        Function 00452070 Relevance: .1, Instructions: 118COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 569070b7d56e9b8ae7f04e3ef272461ccb27e010d50f6f76ee2bd6931e3baf1d
                                                                                                                                                                                                        • Instruction ID: f9af16fd89f73241f91b09849a69c3d8c5ff1a848a49d932a0df263f20322adb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 569070b7d56e9b8ae7f04e3ef272461ccb27e010d50f6f76ee2bd6931e3baf1d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 25815FB455E3808FC374DF05D59869BBBE0BB89748F108A1ED4884B350EBB86549CF9B
                                                                                                                                                                                                        Function 004D749A Relevance: .1, Instructions: 118COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: f3c163860ca91f7432b251dd5c6d111fae0038f5c715e373d83168d39f345887
                                                                                                                                                                                                        • Instruction ID: 6fc5bc82b60c50a0269c6e448db4abed275e3a5282f25c962cabcbc8d6b38e76
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f3c163860ca91f7432b251dd5c6d111fae0038f5c715e373d83168d39f345887
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A541BCB7F202254BF3500D38CD183A2A6939BD4320F2F42398E5C6B7C6D9BE5D4A52C4
                                                                                                                                                                                                        Function 004A84EC Relevance: .1, Instructions: 115COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: dd369787056605042d946b99e8a541b24496540237f05af609eb70a33903c098
                                                                                                                                                                                                        • Instruction ID: 5489e77678a0af04ec6907410c61af608f70560c4dfa055ead3c7948f118f6b7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: dd369787056605042d946b99e8a541b24496540237f05af609eb70a33903c098
                                                                                                                                                                                                        • Instruction Fuzzy Hash: EA313AF3F2152407F3544839CE4939669839BE4314F2F82788E9CABBC9D97E9D4A42C4
                                                                                                                                                                                                        Function 005352A4 Relevance: .1, Instructions: 113COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: d79f21a263c5f4e3aa1e267ec6eef2d9c5b439874ec016541a891c053f1cddfd
                                                                                                                                                                                                        • Instruction ID: d0074a33161afb4d1ba73d5be053fe60adcc9d428faa3e2405335df2954c8e41
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d79f21a263c5f4e3aa1e267ec6eef2d9c5b439874ec016541a891c053f1cddfd
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F83118F3F516250BF3548866CC843A265839BD5324F2F81788F4CAB7C6D9BE9D4A5388
                                                                                                                                                                                                        Function 004BF3BF Relevance: .1, Instructions: 111COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 0d22e0cdd7f09df21276d4b07814d37c3375d36820a0d6f352ff0004712c4a1b
                                                                                                                                                                                                        • Instruction ID: 6c430898f72b25a2d35cac0eab123baa05b26325b34d841ade3168d91e6befbd
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0d22e0cdd7f09df21276d4b07814d37c3375d36820a0d6f352ff0004712c4a1b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C03149B3F115254BF3548968CC983A2A693DBD5310F2F82788B4C5BBC9D97E9C4A5284
                                                                                                                                                                                                        Function 00544348 Relevance: .1, Instructions: 108COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 91a4e25c26ec7a7db682f283f4758cb9c569e37e1eb7c10f35b3e19d95fb64ce
                                                                                                                                                                                                        • Instruction ID: af722f882a66b81ba30d00d169aa6a3502162f7852f4c096903599867295c10f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 91a4e25c26ec7a7db682f283f4758cb9c569e37e1eb7c10f35b3e19d95fb64ce
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FB31AFB3E125254BF3540C28CCA43626683EBE4325F2F82788E986B7C6DD3E5C0693C4
                                                                                                                                                                                                        Function 0045A440 Relevance: .1, Instructions: 107COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
                                                                                                                                                                                                        • Instruction ID: 6c27eddb616810e9e5decd27a8b306cea92dbd417edd2a737caadacc1663148e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 07312972A086184BC7199D3D4C5026BBA939BC5334F2DC73FEE768B3C2EA788C554246
                                                                                                                                                                                                        Function 00507245 Relevance: .1, Instructions: 104COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 0d681c141361ddde6e86433e48267bb9006cc81a8e203f30255e1ddcc567bce3
                                                                                                                                                                                                        • Instruction ID: a4deb2d06ffac4d35d8cb46fdc21e14dea6f445e65a4cf5d3d44fa072a813f6a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0d681c141361ddde6e86433e48267bb9006cc81a8e203f30255e1ddcc567bce3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D23129F3F5192047F388483ACC683A26583D7D4315F1F81398F4EA7AC5D87E5D4A5288
                                                                                                                                                                                                        Function 004A20E8 Relevance: .1, Instructions: 101COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 0fae55d5ff337feeacdeb316066012b5b77df539969b6b5764a8a3ccfd0fb1d4
                                                                                                                                                                                                        • Instruction ID: 3ea1e981662955a63b29ee4933de35796a232341ecb3c30f6880cdca96d1838a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0fae55d5ff337feeacdeb316066012b5b77df539969b6b5764a8a3ccfd0fb1d4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5731A5F3F61A254BF3504839CC583A265838BD5321F2F82788E5CAB7C6D87E5D0A52C4
                                                                                                                                                                                                        Function 004F7458 Relevance: .1, Instructions: 94COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: e40fbcac69b17f843cd890be567ea003b2f5ab3d3a72fabd89793853bbc83562
                                                                                                                                                                                                        • Instruction ID: dbcc642b78a509ccd9f849b4fb98b72c40f59ae3c87578aee24ebf531fe475d6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e40fbcac69b17f843cd890be567ea003b2f5ab3d3a72fabd89793853bbc83562
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C33189B3F6112487F7948839CD883922583D7D5325F2F82788D58ABBC9DD7E9D0A5384
                                                                                                                                                                                                        Function 004C24EF Relevance: .1, Instructions: 94COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 2f7bffe5eec24bf01b8f931c98f5feed540e9847ebff2700eeaabcae9f342483
                                                                                                                                                                                                        • Instruction ID: c5af9fda57b4870230965592fb538a6d622cee66169a95c5dfa02fc5a0e12fbd
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2f7bffe5eec24bf01b8f931c98f5feed540e9847ebff2700eeaabcae9f342483
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AF3148B3F5062147F3A44879DD49362A5C39BE0324F2B82788F5CA7BC9E87D8D0A1284
                                                                                                                                                                                                        Function 004D70C3 Relevance: .1, Instructions: 90COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 2cef5ce70dbabc6c9abaa242e84352e760fb2fe5ff6a8bb890cc0ff89834c36a
                                                                                                                                                                                                        • Instruction ID: 45cd38d7350f0070bb8225c671be23d892988b53d3ff5b0ece05124ab68f64a5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2cef5ce70dbabc6c9abaa242e84352e760fb2fe5ff6a8bb890cc0ff89834c36a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 14313AF7F6162107F3544879DD48357698397D5328F2B8238CE1CAB7CAE97E8D4A4284
                                                                                                                                                                                                        Function 0051414F Relevance: .1, Instructions: 88COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: bf693e9ba16fc760c7ba045c0881f6a83fb318e0d5dcf1acf741cbe53b339bcb
                                                                                                                                                                                                        • Instruction ID: 64b544d8edfb65e2c054c72ed4f8c1b52867c111a855e4fc7c9ee7eab99c5103
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bf693e9ba16fc760c7ba045c0881f6a83fb318e0d5dcf1acf741cbe53b339bcb
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6F31ACB3E5192147F3904C78CC58363A692AB95325F2F83388E1C6B7C9DA7E6D0A42C4
                                                                                                                                                                                                        Function 0052C224 Relevance: .1, Instructions: 86COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: eb9f21cf18c6621d370dd2890b94c43b3a47992d975f5baf9eddf2a604b4c776
                                                                                                                                                                                                        • Instruction ID: e8b6858e783ae7e3be85963d37632ea9a69831337e5ceaef3baae84db925f7ae
                                                                                                                                                                                                        • Opcode Fuzzy Hash: eb9f21cf18c6621d370dd2890b94c43b3a47992d975f5baf9eddf2a604b4c776
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 46215EB3F1162107F7948878CDA9363A583EBD4315F2B82398A5DA7BC9DD7D5C094284
                                                                                                                                                                                                        Function 00527096 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 5f51d9af5f5becf391d53102c110900c8dff6f7a302f8b075a70613e85d271e1
                                                                                                                                                                                                        • Instruction ID: 3c54b5464c0a1e440af7636beeeba5f0c232f1b7b0e87b53e4b8e0da15747b85
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5f51d9af5f5becf391d53102c110900c8dff6f7a302f8b075a70613e85d271e1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C02162B3E5122547F3944879CE9D36265929B95320F3B43398E2C67AC4DC7D8C495284
                                                                                                                                                                                                        Function 005320F2 Relevance: .1, Instructions: 79COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 67d6d3d08d704c5c99b0be9ef9346e98bcac46de250b5a3f2c8e709eafa2f095
                                                                                                                                                                                                        • Instruction ID: 5fa1e6c719547213192439dbeb12b44eb5083032df35272bd62ae635ad49e37c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 67d6d3d08d704c5c99b0be9ef9346e98bcac46de250b5a3f2c8e709eafa2f095
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 82212CF3F1162047F7548835CCA93A26483A7D5324F3F82798B699B3C6DD7D98465284
                                                                                                                                                                                                        Function 004C3234 Relevance: .1, Instructions: 78COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 34c97438346ae7eea5416f65fc45133ed481427f990e424a4d8ee29d12bff0dd
                                                                                                                                                                                                        • Instruction ID: 474cde68701b8367b8555cc8c13dab52e40cb19fb7853f493a298c5859a2cf44
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 34c97438346ae7eea5416f65fc45133ed481427f990e424a4d8ee29d12bff0dd
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5A2137F7E6192007F3584838CD89392654397E4328F2F82798E486B7CADD7E5C4A52C4
                                                                                                                                                                                                        Function 004A30A1 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: c08fc3188469872d5826c02ed874970a8b036f1f7a1648f454aa64543e027cae
                                                                                                                                                                                                        • Instruction ID: cc041439c728d809b34aacdd29be4045182011e49b64f462e4e49a44744693d3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c08fc3188469872d5826c02ed874970a8b036f1f7a1648f454aa64543e027cae
                                                                                                                                                                                                        • Instruction Fuzzy Hash: ED2144F3F2062547F3984838CD9836725539B94324F2B42398B4DABBC9CD7E9D4A5388
                                                                                                                                                                                                        Function 004D41EA Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: e9e1804648df2032d6e468072a0c30ae9f0aca69c9fcc18e507b00d8de0f7ae1
                                                                                                                                                                                                        • Instruction ID: 99de8b264765ecffc5fa72d9f8ea15f001ecb9a23212968e06929e6d1eb6605c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e9e1804648df2032d6e468072a0c30ae9f0aca69c9fcc18e507b00d8de0f7ae1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B921BFB3F517254BF3508869CD883922583DBD0714F2F81388F88A7BC9D9BE58071384
                                                                                                                                                                                                        Function 004D6146 Relevance: .1, Instructions: 73COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 93cb5cc435b8235a418c72fa0866753a57d4cf0d00a78abe2dd5739e476b72c5
                                                                                                                                                                                                        • Instruction ID: f66d1b33ecdb7b69ae9cecf3834c072bb5918cd12dabdc17b4f9d1f836763649
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 93cb5cc435b8235a418c72fa0866753a57d4cf0d00a78abe2dd5739e476b72c5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 48213AB3F1162447F3504939CC84352768397E9724F2F82788B586B7CADE7E6D4A4688
                                                                                                                                                                                                        Function 00456210 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                        • Instruction ID: 8f14edc8178d997720ad543d599215ffeaef6e5997ebd4fab9643c743ed90778
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 14110A336041D40EC3119D3C8500565BFD30AE3335F5A83DAF8B89B2D3D6268D8E8359
                                                                                                                                                                                                        Function 0049906F Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 2c977bc200f12b69512a2d5408577bbd5a859dfa26a04de4c3a6eab0173f425b
                                                                                                                                                                                                        • Instruction ID: ba72081893dc8f6991d667abc77d2698181954b589f9e3e4608f0a92abd68164
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2c977bc200f12b69512a2d5408577bbd5a859dfa26a04de4c3a6eab0173f425b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F8115AB7E1163647F3944879CC94362A18397A5320F2F83789EA8AB7C5E97D6C051284
                                                                                                                                                                                                        Function 005381C4 Relevance: .1, Instructions: 52COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 13773753d4e88168d61ad77fd367a9c1ef4f3854428e71db22a293670d84e278
                                                                                                                                                                                                        • Instruction ID: 562754987d5b9185021273657b11dfea92c80f856e63ef443d86f5b620f379d7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 13773753d4e88168d61ad77fd367a9c1ef4f3854428e71db22a293670d84e278
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7A119EF7E11A244BF3480839CD693A27243D7E5318F1F8278CA29A7BDAEE7D49491244
                                                                                                                                                                                                        Function 0043C300 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
                                                                                                                                                                                                        • Instruction ID: 94f11996fd2e8756ff1077457609f4e4161256cb8cb9130bbd42994d94b74903
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 74F04460104B914AD7328F398564373BFF09F17318F646A4DC9E3576D2D37AD10A8798
                                                                                                                                                                                                        Function 0047C567 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 8c6680fed1e105639274db41c23641febf5f5e898d1873538f70577e5f6dde8b
                                                                                                                                                                                                        • Instruction ID: ee15006f13cef44aea06c54c12c36987aae9d4e61edfadde755b4796ae3efada
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8c6680fed1e105639274db41c23641febf5f5e898d1873538f70577e5f6dde8b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C0118FB051860ECFDB159F15C0487EE77F0EF51311F25881ED98946A81D37A4C94DB4E
                                                                                                                                                                                                        Function 0044E0DA Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
                                                                                                                                                                                                        • Instruction ID: f355505afb2f9ef5b7ff12b405e3b79680e4572e76bad45a00f5935191ccc319
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6AF06C104087E246E7234B3E44516B3EFD0AB57121B181BD6C8F1973C7C3199457C35A
                                                                                                                                                                                                        Function 0044D116 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1329183372.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329163061.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329183372.0000000000465000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329243899.0000000000473000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000475000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329258433.0000000000714000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329615483.0000000000715000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329739780.00000000008AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.1329771806.00000000008AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_420000_pTM2NWuTvC.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 08f142259f20560b7096b8fba94bc423787c41a95d83503a26962879d9aafbf7
                                                                                                                                                                                                        • Instruction ID: d5ee04bac77afa1605c26c54b33b3ef4415a73b847195f946762641dee8b7ecc
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 08f142259f20560b7096b8fba94bc423787c41a95d83503a26962879d9aafbf7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D601F9706442429BD304CF38CDA0567FBA1FB86364F08C79DC45687796C638D442C799