Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
tJd3ArrDAm.exe

Overview

General Information

Sample name:tJd3ArrDAm.exe
renamed because original name is a hash value
Original sample name:1d8ce7de6c654dc070433c477adc664f.exe
Analysis ID:1580935
MD5:1d8ce7de6c654dc070433c477adc664f
SHA1:3866802156b203911ad029d11f05b4f3432bc08d
SHA256:7234084f4b2486ece3080e1f9c3c357ab681be71e6c62b3eb95aaafa3fc7eff8
Tags:exeuser-abuse_ch
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • tJd3ArrDAm.exe (PID: 6752 cmdline: "C:\Users\user\Desktop\tJd3ArrDAm.exe" MD5: 1D8CE7DE6C654DC070433C477ADC664F)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["curverpluch.lat", "shapestickyr.lat", "tentabatte.lat", "talkynicer.lat", "wordyfindy.lat", "observerfry.lat", "slipperyloo.lat", "bashfulacid.lat", "manyrestro.lat"], "Build id": "PsFKDg--pablo"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-26T13:20:59.487086+010020283713Unknown Traffic192.168.2.749701104.102.49.254443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-26T13:20:56.968660+010020584801Domain Observed Used for C2 Detected192.168.2.7552211.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-26T13:20:56.554370+010020584841Domain Observed Used for C2 Detected192.168.2.7538041.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-26T13:20:56.045669+010020584921Domain Observed Used for C2 Detected192.168.2.7637281.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-26T13:20:56.194406+010020585001Domain Observed Used for C2 Detected192.168.2.7618451.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-26T13:20:55.906466+010020585021Domain Observed Used for C2 Detected192.168.2.7519041.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-26T13:20:56.356419+010020585101Domain Observed Used for C2 Detected192.168.2.7627801.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-26T13:20:56.734525+010020585121Domain Observed Used for C2 Detected192.168.2.7499631.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-26T13:20:55.759968+010020585141Domain Observed Used for C2 Detected192.168.2.7500101.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-26T13:21:00.318304+010028586661Domain Observed Used for C2 Detected192.168.2.749701104.102.49.254443TCP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: tJd3ArrDAm.exeAvira: detected
    Antivirus detection for URL or domain
    Source: https://talkynicer.lat:443/apivAvira URL Cloud: Label: malware
    Source: https://slipperyloo.lat:443/apiAvira URL Cloud: Label: malware
    Source: https://bashfulacid.lat:443/apiAvira URL Cloud: Label: malware
    Source: https://manyrestro.lat:443/apiNAvira URL Cloud: Label: malware
    Source: https://wordyfindy.lat:443/api0Avira URL Cloud: Label: malware
    Source: https://tentabatte.lat:443/apiAvira URL Cloud: Label: malware
    Found malware configuration
    Source: tJd3ArrDAm.exe.6752.1.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["curverpluch.lat", "shapestickyr.lat", "tentabatte.lat", "talkynicer.lat", "wordyfindy.lat", "observerfry.lat", "slipperyloo.lat", "bashfulacid.lat", "manyrestro.lat"], "Build id": "PsFKDg--pablo"}
    Multi AV Scanner detection for submitted file
    Source: tJd3ArrDAm.exeVirustotal: Detection: 50%Perma Link
    Source: tJd3ArrDAm.exeReversingLabs: Detection: 65%
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Machine Learning detection for sample
    Source: tJd3ArrDAm.exeJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: 00000001.00000003.1274199717.0000000004890000.00000004.00001000.00020000.00000000.sdmpString decryptor: bashfulacid.lat
    Source: 00000001.00000003.1274199717.0000000004890000.00000004.00001000.00020000.00000000.sdmpString decryptor: tentabatte.lat
    Source: 00000001.00000003.1274199717.0000000004890000.00000004.00001000.00020000.00000000.sdmpString decryptor: curverpluch.lat
    Source: 00000001.00000003.1274199717.0000000004890000.00000004.00001000.00020000.00000000.sdmpString decryptor: talkynicer.lat
    Source: 00000001.00000003.1274199717.0000000004890000.00000004.00001000.00020000.00000000.sdmpString decryptor: shapestickyr.lat
    Source: 00000001.00000003.1274199717.0000000004890000.00000004.00001000.00020000.00000000.sdmpString decryptor: manyrestro.lat
    Source: 00000001.00000003.1274199717.0000000004890000.00000004.00001000.00020000.00000000.sdmpString decryptor: slipperyloo.lat
    Source: 00000001.00000003.1274199717.0000000004890000.00000004.00001000.00020000.00000000.sdmpString decryptor: wordyfindy.lat
    Source: 00000001.00000003.1274199717.0000000004890000.00000004.00001000.00020000.00000000.sdmpString decryptor: observerfry.lat
    Source: 00000001.00000003.1274199717.0000000004890000.00000004.00001000.00020000.00000000.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000001.00000003.1274199717.0000000004890000.00000004.00001000.00020000.00000000.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000001.00000003.1274199717.0000000004890000.00000004.00001000.00020000.00000000.sdmpString decryptor: - Screen Resoluton:
    Source: 00000001.00000003.1274199717.0000000004890000.00000004.00001000.00020000.00000000.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000001.00000003.1274199717.0000000004890000.00000004.00001000.00020000.00000000.sdmpString decryptor: Workgroup: -
    Source: 00000001.00000003.1274199717.0000000004890000.00000004.00001000.00020000.00000000.sdmpString decryptor: PsFKDg--pablo
    Source: tJd3ArrDAm.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.7:49701 version: TLS 1.2
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov edx, ebx1_2_00068600
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-16h]1_2_000A1720
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov byte ptr [ebx], al1_2_0008C09E
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov byte ptr [ebx], al1_2_0008E0DA
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov byte ptr [ebx], al1_2_0008C0E6
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov byte ptr [ebx], al1_2_0008C09E
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov eax, dword ptr [000A6130h]1_2_00078169
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h1_2_000881CC
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then movzx ebx, byte ptr [edx]1_2_00096210
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov ecx, eax1_2_0007C300
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h1_2_000A0340
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h1_2_000883D8
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then movzx edx, byte ptr [eax+edi-74D5A7FEh]1_2_0008C465
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov byte ptr [ebx], al1_2_0008C465
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h1_2_00088528
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov edi, ecx1_2_0008A5B6
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-16h]1_2_000A06F0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then push esi1_2_0006C805
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h1_2_00082830
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx+04h]1_2_0009C830
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov byte ptr [edi], al1_2_0008C850
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov eax, ebx1_2_0007C8A0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax-000000BEh]1_2_0007C8A0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then movzx ebx, byte ptr [esp+edx+0Ah]1_2_0007C8A0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-2E3D7ACEh]1_2_0007C8A0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], 385488F2h1_2_0009C990
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h1_2_000889E9
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then cmp dword ptr [ecx+ebx*8], 385488F2h1_2_0009CA40
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then lea esi, dword ptr [eax+00000270h]1_2_00068A50
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]1_2_0008AAC0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov edx, ecx1_2_00078B1B
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+0Ah]1_2_0006AB40
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-6E2DD57Fh]1_2_0007EB80
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov edi, dword ptr [esi+30h]1_2_0006CC7A
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h1_2_00074CA0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov edx, ecx1_2_00086D2E
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-16h]1_2_000A0D20
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then movzx esi, byte ptr [ebp+eax-46h]1_2_0009EDC1
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh1_2_0009CDF0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx-3ECB279Fh]1_2_0009CDF0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh1_2_0009CDF0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 7F7BECC6h1_2_0009CDF0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov ecx, eax1_2_00082E6D
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then jmp edx1_2_00082E6D
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then movzx ecx, byte ptr [edx+eax]1_2_00082E6D
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then movzx eax, byte ptr [ebp+edi+00000090h]1_2_00062EB0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov word ptr [eax], cx1_2_00076F52
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov esi, ecx1_2_000890D0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov ecx, eax1_2_0008D116
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then movzx ebx, byte ptr [esp+ecx-16h]1_2_000A1160
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov ecx, eax1_2_0008D17D
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then cmp byte ptr [esi+ebx], 00000000h1_2_0008B170
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov byte ptr [ebx], al1_2_0008D34A
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]1_2_000673D0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then movzx ecx, word ptr [edi+esi*4]1_2_000673D0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov eax, ebx1_2_00087440
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+09AD4080h]1_2_00087440
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov word ptr [eax], cx1_2_0007747D
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov word ptr [edx], di1_2_0007747D
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then movzx ecx, byte ptr [esi+eax+61765397h]1_2_0007B57D
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then jmp eax1_2_00089739
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]1_2_00087740
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov dword ptr [esp+20h], eax1_2_00069780
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then jmp edx1_2_000837D6
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov ecx, eax1_2_0007D8AC
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov ecx, eax1_2_0007D8AC
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov ecx, eax1_2_0007D8D8
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov ecx, eax1_2_0007D8D8
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov edx, ecx1_2_0007B8F6
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov edx, ecx1_2_0007B8F6
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov byte ptr [edi], al1_2_0008B980
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then jmp edx1_2_000839B9
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then movzx ecx, byte ptr [edx+eax]1_2_000839B9
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov word ptr [eax], cx1_2_00081A10
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then dec edx1_2_0009FA20
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then dec edx1_2_0009FB10
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then dec edx1_2_0009FD70
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov byte ptr [ebx], al1_2_0008DDFF
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then dec edx1_2_0009FE00
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov byte ptr [ebx], al1_2_0008DE07
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov edx, ecx1_2_00089E80
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov edi, dword ptr [esp+28h]1_2_00085F1B
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 4x nop then mov ecx, eax1_2_0008BF13

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2058492 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat) : 192.168.2.7:63728 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2058510 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat) : 192.168.2.7:62780 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2058514 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat) : 192.168.2.7:50010 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2058512 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat) : 192.168.2.7:49963 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2058502 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat) : 192.168.2.7:51904 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2058484 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat) : 192.168.2.7:53804 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2058500 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat) : 192.168.2.7:61845 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2058480 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat) : 192.168.2.7:55221 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.7:49701 -> 104.102.49.254:443
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: curverpluch.lat
    Source: Malware configuration extractorURLs: shapestickyr.lat
    Source: Malware configuration extractorURLs: tentabatte.lat
    Source: Malware configuration extractorURLs: talkynicer.lat
    Source: Malware configuration extractorURLs: wordyfindy.lat
    Source: Malware configuration extractorURLs: observerfry.lat
    Source: Malware configuration extractorURLs: slipperyloo.lat
    Source: Malware configuration extractorURLs: bashfulacid.lat
    Source: Malware configuration extractorURLs: manyrestro.lat
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49701 -> 104.102.49.254:443
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=07c4f9c69cbde285546c103f; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25665Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 26 Dec 2024 12:20:59 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-ControlK equals www.youtube.com (Youtube)
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: observerfry.lat
    Source: global trafficDNS traffic detected: DNS query: wordyfindy.lat
    Source: global trafficDNS traffic detected: DNS query: slipperyloo.lat
    Source: global trafficDNS traffic detected: DNS query: manyrestro.lat
    Source: global trafficDNS traffic detected: DNS query: shapestickyr.lat
    Source: global trafficDNS traffic detected: DNS query: talkynicer.lat
    Source: global trafficDNS traffic detected: DNS query: curverpluch.lat
    Source: global trafficDNS traffic detected: DNS query: tentabatte.lat
    Source: global trafficDNS traffic detected: DNS query: bashfulacid.lat
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B29000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1372017674.0000000000BC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B29000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1372017674.0000000000BC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B29000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1372017674.0000000000BC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bashfulacid.lat:443/api
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B29000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1372017674.0000000000BC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engli
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B29000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1372017674.0000000000BC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B29000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1372017674.0000000000BC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B29000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1372017674.0000000000BC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B29000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1372017674.0000000000BC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://manyrestro.lat:443/apiN
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://observerfry.lat:443/api
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://slipperyloo.lat:443/api
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B29000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1372017674.0000000000BC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B29000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1372017674.0000000000BC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900be
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B69000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B7A000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B7A000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B69000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B29000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1372017674.0000000000BC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shopU
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://talkynicer.lat:443/apiv
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tentabatte.lat:443/api
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wordyfindy.lat:443/api0
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.7:49701 version: TLS 1.2

    System Summary

    barindex
    PE file contains section with special chars
    Source: tJd3ArrDAm.exeStatic PE information: section name:
    Source: tJd3ArrDAm.exeStatic PE information: section name: .idata
    Source: tJd3ArrDAm.exeStatic PE information: section name:
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000686001_2_00068600
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0006B1001_2_0006B100
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001340191_2_00134019
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001480071_2_00148007
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001380391_2_00138039
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001A20361_2_001A2036
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000E603D1_2_000E603D
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001D00281_2_001D0028
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0018E02F1_2_0018E02F
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0011404A1_2_0011404A
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000D60691_2_000D6069
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001120751_2_00112075
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000F807F1_2_000F807F
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0016A0651_2_0016A065
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001BA0981_2_001BA098
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0008C09E1_2_0008C09E
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000D40BA1_2_000D40BA
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001180AF1_2_001180AF
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000DC0B31_2_000DC0B3
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001700A91_2_001700A9
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000F20CF1_2_000F20CF
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001320D21_2_001320D2
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0008A0CA1_2_0008A0CA
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001C60DE1_2_001C60DE
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000C20CB1_2_000C20CB
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000FC0C61_2_000FC0C6
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001A00D41_2_001A00D4
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000E80DF1_2_000E80DF
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000D00D51_2_000D00D5
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001620F01_2_001620F0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0008C0E61_2_0008C0E6
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000760E91_2_000760E9
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0017E0F91_2_0017E0F9
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001B20E01_2_001B20E0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001581111_2_00158111
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001C01131_2_001C0113
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001521021_2_00152102
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001861261_2_00186126
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001401461_2_00140146
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0008C09E1_2_0008C09E
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0014814C1_2_0014814C
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000661601_2_00066160
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0018C1721_2_0018C172
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000781691_2_00078169
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000DE1621_2_000DE162
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001161601_2_00116160
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0011C16E1_2_0011C16E
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001AC19F1_2_001AC19F
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0008E1801_2_0008E180
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0016C1981_2_0016C198
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0018818A1_2_0018818A
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0012818B1_2_0012818B
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0010618C1_2_0010618C
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0010218D1_2_0010218D
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001561B31_2_001561B3
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001841B61_2_001841B6
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001AE1B41_2_001AE1B4
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001981A91_2_001981A9
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000881CC1_2_000881CC
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001661C21_2_001661C2
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0019E1EE1_2_0019E1EE
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001B42101_2_001B4210
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0010C2081_2_0010C208
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0014220E1_2_0014220E
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0007E2201_2_0007E220
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0017C22F1_2_0017C22F
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001BC2241_2_001BC224
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000C624C1_2_000C624C
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001642401_2_00164240
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001242761_2_00124276
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001CC2791_2_001CC279
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0014A2731_2_0014A273
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001BE26E1_2_001BE26E
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000642701_2_00064270
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0018228D1_2_0018228D
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001922831_2_00192283
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0013E28C1_2_0013E28C
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0010A2B01_2_0010A2B0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001D22C81_2_001D22C8
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000842D01_2_000842D0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001AA2FA1_2_001AA2FA
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0015E2F31_2_0015E2F3
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000D42E21_2_000D42E2
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001302FC1_2_001302FC
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000EC3021_2_000EC302
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000FE31D1_2_000FE31D
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000DA3121_2_000DA312
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000E032F1_2_000E032F
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0016C3301_2_0016C330
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0012A3501_2_0012A350
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001AE35E1_2_001AE35E
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000F03471_2_000F0347
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001783991_2_00178399
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001623BF1_2_001623BF
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001BA3B01_2_001BA3B0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0010E3A51_2_0010E3A5
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0016A3AC1_2_0016A3AC
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001C43D61_2_001C43D6
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000883D81_2_000883D8
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001A83CE1_2_001A83CE
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001A63E11_2_001A63E1
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0019C4011_2_0019C401
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0018E4021_2_0018E402
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001B24001_2_001B2400
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001444271_2_00144427
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0013442B1_2_0013442B
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001C04211_2_001C0421
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001C245D1_2_001C245D
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0009A4401_2_0009A440
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001164481_2_00116448
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0012E4731_2_0012E473
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000A04601_2_000A0460
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001684601_2_00168460
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0017E4931_2_0017E493
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0015249D1_2_0015249D
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000E64821_2_000E6482
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0017049B1_2_0017049B
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001A04941_2_001A0494
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0012C49D1_2_0012C49D
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0017C4891_2_0017C489
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000E44911_2_000E4491
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001144B81_2_001144B8
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000F04A01_2_000F04A0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000F84BF1_2_000F84BF
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0014C4AC1_2_0014C4AC
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000CE4CE1_2_000CE4CE
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000DC4CB1_2_000DC4CB
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000804C61_2_000804C6
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000D64DF1_2_000D64DF
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001B84CF1_2_001B84CF
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000D24DB1_2_000D24DB
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001924FC1_2_001924FC
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000824E01_2_000824E0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001184E11_2_001184E1
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000F44F71_2_000F44F7
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001325111_2_00132511
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000FC5061_2_000FC506
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001905031_2_00190503
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0015653C1_2_0015653C
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0010C53D1_2_0010C53D
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0008C53C1_2_0008C53C
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000C85421_2_000C8542
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001CE54B1_2_001CE54B
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000D05501_2_000D0550
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001D05401_2_001D0540
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000845601_2_00084560
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0010457D1_2_0010457D
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0017A57A1_2_0017A57A
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000E85601_2_000E8560
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001C85661_2_001C8566
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0018459F1_2_0018459F
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0013A5821_2_0013A582
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001BC5811_2_001BC581
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0009C5A01_2_0009C5A0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001125D01_2_001125D0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000DE5C81_2_000DE5C8
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001585DD1_2_001585DD
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001445C81_2_001445C8
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0009A5D41_2_0009A5D4
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001425FE1_2_001425FE
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001365FE1_2_001365FE
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000D85F81_2_000D85F8
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000665F01_2_000665F0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001085E71_2_001085E7
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001B06101_2_001B0610
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001906071_2_00190607
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001B663A1_2_001B663A
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0007E6301_2_0007E630
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001026271_2_00102627
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001066541_2_00106654
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001866571_2_00186657
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000986501_2_00098650
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000CC6561_2_000CC656
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000C666F1_2_000C666F
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001706701_2_00170670
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0016467F1_2_0016467F
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0017867A1_2_0017867A
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0006E6871_2_0006E687
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0011C6981_2_0011C698
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0018A68B1_2_0018A68B
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000FE6A01_2_000FE6A0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000EE6D81_2_000EE6D8
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000C46DB1_2_000C46DB
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000846D01_2_000846D0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001286F01_2_001286F0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001946FB1_2_001946FB
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001826F31_2_001826F3
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000A06F01_2_000A06F0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0014A6EF1_2_0014A6EF
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001607121_2_00160712
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000DA7061_2_000DA706
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0011E70C1_2_0011E70C
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001007381_2_00100738
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0010A7381_2_0010A738
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0016673F1_2_0016673F
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001107201_2_00110720
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001A475F1_2_001A475F
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000D875D1_2_000D875D
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000727501_2_00072750
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0012274F1_2_0012274F
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000FA77D1_2_000FA77D
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001C476F1_2_001C476F
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001C679A1_2_001C679A
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001887951_2_00188795
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000CA7981_2_000CA798
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000EC7B01_2_000EC7B0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001967D91_2_001967D9
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001547CD1_2_001547CD
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001107F51_2_001107F5
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001A67FF1_2_001A67FF
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0011A8141_2_0011A814
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001748021_2_00174802
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0016E80F1_2_0016E80F
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001388391_2_00138839
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001BA8271_2_001BA827
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000DC84C1_2_000DC84C
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001C285D1_2_001C285D
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0013A8501_2_0013A850
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0019885A1_2_0019885A
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001768521_2_00176852
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0006C8401_2_0006C840
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000F08451_2_000F0845
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0017E84C1_2_0017E84C
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001AC8451_2_001AC845
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001348761_2_00134876
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001808631_2_00180863
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0014486A1_2_0014486A
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0010A8971_2_0010A897
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001B88931_2_001B8893
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000FC8821_2_000FC882
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000D68801_2_000D6880
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000EA89E1_2_000EA89E
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0007C8A01_2_0007C8A0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000988B01_2_000988B0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0019A8D21_2_0019A8D2
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001168C81_2_001168C8
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000C88D11_2_000C88D1
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0010E8F11_2_0010E8F1
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0014E8F21_2_0014E8F2
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0017C8E71_2_0017C8E7
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001C08EE1_2_001C08EE
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001D090D1_2_001D090D
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000F691A1_2_000F691A
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000869101_2_00086910
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0015290C1_2_0015290C
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001BA9021_2_001BA902
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000E693B1_2_000E693B
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0012C9531_2_0012C953
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001129541_2_00112954
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0013E9411_2_0013E941
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001BC9471_2_001BC947
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001629751_2_00162975
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0007E9601_2_0007E960
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001C89841_2_001C8984
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000DE9971_2_000DE997
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001709B81_2_001709B8
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000FE9BE1_2_000FE9BE
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0022E9901_2_0022E990
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001B89A21_2_001B89A2
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001569D01_2_001569D0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000CE9CB1_2_000CE9CB
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001789C51_2_001789C5
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001CE9C11_2_001CE9C1
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000B69D51_2_000B69D5
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0008C9EB1_2_0008C9EB
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000A09E01_2_000A09E0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001409EE1_2_001409EE
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001929E71_2_001929E7
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000DCA001_2_000DCA00
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000CAA181_2_000CAA18
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001CAA351_2_001CAA35
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00148A3F1_2_00148A3F
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00184A341_2_00184A34
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00104A291_2_00104A29
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0015CA541_2_0015CA54
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000E8A4A1_2_000E8A4A
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0009CA401_2_0009CA40
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00224A721_2_00224A72
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000F2A501_2_000F2A50
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00168A771_2_00168A77
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000D4A6A1_2_000D4A6A
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0016AA971_2_0016AA97
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001AEA9C1_2_001AEA9C
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001D0A961_2_001D0A96
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000FCAA91_2_000FCAA9
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00126AB81_2_00126AB8
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00108ABE1_2_00108ABE
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0012AAA31_2_0012AAA3
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00088ABC1_2_00088ABC
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00160AAF1_2_00160AAF
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000EEAB51_2_000EEAB5
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00106AAB1_2_00106AAB
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00186AD31_2_00186AD3
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001B2ACF1_2_001B2ACF
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001A0AF51_2_001A0AF5
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0018CAE51_2_0018CAE5
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001C4B1D1_2_001C4B1D
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001CEB121_2_001CEB12
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00194B011_2_00194B01
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00078B1B1_2_00078B1B
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00166B091_2_00166B09
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0014CB3F1_2_0014CB3F
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000FAB221_2_000FAB22
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000D2B221_2_000D2B22
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0014AB281_2_0014AB28
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000CEB321_2_000CEB32
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0006AB401_2_0006AB40
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00138B401_2_00138B40
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001B4B4E1_2_001B4B4E
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001CCB741_2_001CCB74
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0007EB801_2_0007EB80
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00122B9D1_2_00122B9D
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0018EB841_2_0018EB84
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00146BB51_2_00146BB5
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00064BA01_2_00064BA0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000C0BAA1_2_000C0BAA
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001A4BBD1_2_001A4BBD
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000D6BBD1_2_000D6BBD
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00118BA41_2_00118BA4
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0015CBAE1_2_0015CBAE
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0012EBC61_2_0012EBC6
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000C6BD91_2_000C6BD9
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0013CBCF1_2_0013CBCF
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0015ABE71_2_0015ABE7
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001C6BEF1_2_001C6BEF
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000C8BF41_2_000C8BF4
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0016EC191_2_0016EC19
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001A2C321_2_001A2C32
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00198C7E1_2_00198C7E
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000F8C8F1_2_000F8C8F
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001A6C9C1_2_001A6C9C
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000E0C801_2_000E0C80
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000D0C9C1_2_000D0C9C
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00074CA01_2_00074CA0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0013ACB81_2_0013ACB8
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00190CA41_2_00190CA4
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00182CCB1_2_00182CCB
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0010ECFA1_2_0010ECFA
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001B0CE71_2_001B0CE7
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000FED091_2_000FED09
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0019ED091_2_0019ED09
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0015ED011_2_0015ED01
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001C8D3E1_2_001C8D3E
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00086D2E1_2_00086D2E
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00154D321_2_00154D32
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00102D381_2_00102D38
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000A0D201_2_000A0D20
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00106D3B1_2_00106D3B
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000E4D331_2_000E4D33
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0008CD4C1_2_0008CD4C
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0008CD5E1_2_0008CD5E
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00132D7A1_2_00132D7A
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000F6D611_2_000F6D61
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001BCD751_2_001BCD75
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00172D781_2_00172D78
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001B8DA11_2_001B8DA1
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00116DD91_2_00116DD9
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000DCDD01_2_000DCDD0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000C4DE81_2_000C4DE8
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0010CDF61_2_0010CDF6
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00178DF11_2_00178DF1
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001CEDE81_2_001CEDE8
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0009CDF01_2_0009CDF0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0013CE131_2_0013CE13
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00152E1E1_2_00152E1E
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0018CE091_2_0018CE09
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0012CE051_2_0012CE05
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00104E3A1_2_00104E3A
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0010EE211_2_0010EE21
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00160E2D1_2_00160E2D
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00112E401_2_00112E40
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001B6E401_2_001B6E40
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00080E6C1_2_00080E6C
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0011EE751_2_0011EE75
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00082E6D1_2_00082E6D
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00136E791_2_00136E79
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0008EE631_2_0008EE63
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00156E9F1_2_00156E9F
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00170E811_2_00170E81
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0011AE891_2_0011AE89
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000CAE911_2_000CAE91
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0022CE8A1_2_0022CE8A
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00098EA01_2_00098EA0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0012AEA61_2_0012AEA6
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00164EA21_2_00164EA2
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00062EB01_2_00062EB0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0007AEB01_2_0007AEB0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000E8EB11_2_000E8EB1
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0016AED11_2_0016AED1
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00120EDA1_2_00120EDA
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000F2EC41_2_000F2EC4
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00184ED31_2_00184ED3
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000F4EDD1_2_000F4EDD
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000E2EDB1_2_000E2EDB
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001B4EC61_2_001B4EC6
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000ECEE61_2_000ECEE6
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000CCEE51_2_000CCEE5
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00132F1B1_2_00132F1B
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00186F131_2_00186F13
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000E6F1F1_2_000E6F1F
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00176F031_2_00176F03
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000CEF281_2_000CEF28
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00162F3E1_2_00162F3E
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0018AF351_2_0018AF35
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00188F2E1_2_00188F2E
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000D4F3A1_2_000D4F3A
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000C0F331_2_000C0F33
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001A4F251_2_001A4F25
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00108F531_2_00108F53
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000F8F421_2_000F8F42
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001AEF551_2_001AEF55
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00076F521_2_00076F52
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000FAF761_2_000FAF76
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00100F941_2_00100F94
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00118F811_2_00118F81
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001D0F861_2_001D0F86
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000C6FB91_2_000C6FB9
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001A2FA31_2_001A2FA3
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000D2FB71_2_000D2FB7
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00180FD21_2_00180FD2
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001A6FD51_2_001A6FD5
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001C4FC01_2_001C4FC0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0011CFF61_2_0011CFF6
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000D6FF41_2_000D6FF4
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0007D0031_2_0007D003
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001830151_2_00183015
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0006D0211_2_0006D021
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0012503C1_2_0012503C
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0016B0381_2_0016B038
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0014B0261_2_0014B026
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0017D0471_2_0017D047
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0015B0491_2_0015B049
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0012F04F1_2_0012F04F
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001990461_2_00199046
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0014306B1_2_0014306B
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0013509F1_2_0013509F
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0010B0881_2_0010B088
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0013D0AA1_2_0013D0AA
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001590AB1_2_001590AB
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0010D0D61_2_0010D0D6
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001190DD1_2_001190DD
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001750C61_2_001750C6
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001530CE1_2_001530CE
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000DF0EA1_2_000DF0EA
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001AB0EE1_2_001AB0EE
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0013B0EA1_2_0013B0EA
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0012711A1_2_0012711A
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0016311E1_2_0016311E
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0019B1161_2_0019B116
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000D11181_2_000D1118
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001ED1091_2_001ED109
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0017F1081_2_0017F108
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001B51251_2_001B5125
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001151471_2_00115147
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000DD1561_2_000DD156
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001CD1401_2_001CD140
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001C31431_2_001C3143
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001B71791_2_001B7179
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000FD16C1_2_000FD16C
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0015D1631_2_0015D163
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0009F18B1_2_0009F18B
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001B11991_2_001B1199
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0016F1851_2_0016F185
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0010318A1_2_0010318A
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000891AE1_2_000891AE
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0010F1B91_2_0010F1B9
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001231D01_2_001231D0
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0013F1D91_2_0013F1D9
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001991D31_2_001991D3
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0014F1CB1_2_0014F1CB
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001651F71_2_001651F7
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001A91FF1_2_001A91FF
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001C92011_2_001C9201
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000712271_2_00071227
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001372301_2_00137230
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001CB2341_2_001CB234
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0019F2321_2_0019F232
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000ED23C1_2_000ED23C
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0018D22A1_2_0018D22A
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000E123D1_2_000E123D
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001672251_2_00167225
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0016B2541_2_0016B254
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001AB25E1_2_001AB25E
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000EB2571_2_000EB257
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000CD2561_2_000CD256
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0015324F1_2_0015324F
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000DF2691_2_000DF269
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001BD26B1_2_001BD26B
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000E72701_2_000E7270
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001792921_2_00179292
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001C329A1_2_001C329A
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000992801_2_00099280
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0012B2821_2_0012B282
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0010F28F1_2_0010F28F
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0017F2B11_2_0017F2B1
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001712CD1_2_001712CD
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001332F21_2_001332F2
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_002213291_2_00221329
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0015731B1_2_0015731B
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000693101_2_00069310
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: String function: 00074C90 appears 77 times
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: String function: 00067F60 appears 40 times
    Source: tJd3ArrDAm.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: tJd3ArrDAm.exeStatic PE information: Section: ZLIB complexity 0.9995978860294118
    Source: tJd3ArrDAm.exeStatic PE information: Section: ztaiiqml ZLIB complexity 0.9947698920297637
    Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@10/1
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_00092070 CoCreateInstance,1_2_00092070
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: tJd3ArrDAm.exeVirustotal: Detection: 50%
    Source: tJd3ArrDAm.exeReversingLabs: Detection: 65%
    Source: tJd3ArrDAm.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeFile read: C:\Users\user\Desktop\tJd3ArrDAm.exeJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSection loaded: dpapi.dllJump to behavior
    Source: tJd3ArrDAm.exeStatic file information: File size 1840640 > 1048576
    Source: tJd3ArrDAm.exeStatic PE information: Raw size of ztaiiqml is bigger than: 0x100000 < 0x197600

    Data Obfuscation

    barindex
    Detected unpacking (changes PE section rights)
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeUnpacked PE file: 1.2.tJd3ArrDAm.exe.60000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ztaiiqml:EW;obalvhom:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;ztaiiqml:EW;obalvhom:EW;.taggant:EW;
    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
    Source: tJd3ArrDAm.exeStatic PE information: real checksum: 0x1cac0c should be: 0x1c28e5
    Source: tJd3ArrDAm.exeStatic PE information: section name:
    Source: tJd3ArrDAm.exeStatic PE information: section name: .idata
    Source: tJd3ArrDAm.exeStatic PE information: section name:
    Source: tJd3ArrDAm.exeStatic PE information: section name: ztaiiqml
    Source: tJd3ArrDAm.exeStatic PE information: section name: obalvhom
    Source: tJd3ArrDAm.exeStatic PE information: section name: .taggant
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000B8054 push 6C8D6712h; mov dword ptr [esp], ecx1_2_000B876F
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000BC067 push eax; mov dword ptr [esp], ecx1_2_000BD226
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000BC067 push edi; mov dword ptr [esp], ebp1_2_000BD22F
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001C60DE push 7FD8FA3Dh; mov dword ptr [esp], ecx1_2_001C65B1
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001C60DE push 1CE5C84Dh; mov dword ptr [esp], ebp1_2_001C65B9
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001C60DE push 3BB048C1h; mov dword ptr [esp], edi1_2_001C65C2
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001C60DE push ebx; mov dword ptr [esp], ebp1_2_001C65C9
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001C60DE push ebx; mov dword ptr [esp], 473A50B7h1_2_001C65DC
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000BE0FA push eax; mov dword ptr [esp], ebx1_2_000BE116
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000B813E push 0A48AD9Ah; mov dword ptr [esp], ebx1_2_000B8539
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000B817A push 736AB35Bh; mov dword ptr [esp], eax1_2_000B818A
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000BA177 push eax; mov dword ptr [esp], 2FDB4ACCh1_2_000BA186
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001AC19F push eax; mov dword ptr [esp], 7B4A9B33h1_2_001AC5BD
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001AC19F push 7928FBC1h; mov dword ptr [esp], ebp1_2_001AC653
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001AC19F push edx; mov dword ptr [esp], ebp1_2_001AC685
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001AC19F push eax; mov dword ptr [esp], 7FC64700h1_2_001AC700
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_001AC19F push ebp; mov dword ptr [esp], 7FFA3805h1_2_001AC728
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0030C225 push eax; mov dword ptr [esp], edx1_2_0030C264
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0030C225 push 5610388Eh; mov dword ptr [esp], edx1_2_0030C293
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_002CC20B push edx; mov dword ptr [esp], esp1_2_002CC24B
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000BC28B push 3F0BECD0h; mov dword ptr [esp], ebx1_2_000BC29C
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_002F42A9 push ecx; mov dword ptr [esp], eax1_2_002F42B3
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_002F42A9 push eax; mov dword ptr [esp], esp1_2_002F42FC
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000BC2D2 push 3E967F76h; mov dword ptr [esp], ebp1_2_000BF88F
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_002BE2CB push edx; mov dword ptr [esp], esi1_2_002BE312
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_002BE2CB push edi; mov dword ptr [esp], 5FE18193h1_2_002BE320
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_002BE2CB push 52F2F25Ah; mov dword ptr [esp], esp1_2_002BE3AD
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_002BE2CB push 46FAD92Ah; mov dword ptr [esp], ecx1_2_002BE3D3
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0012C2EC push 630DED92h; mov dword ptr [esp], esi1_2_0012C3AD
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0012C2EC push ecx; mov dword ptr [esp], 3842F997h1_2_0012C3CA
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0012C2EC push 2D2EB500h; mov dword ptr [esp], eax1_2_0012C415
    Source: tJd3ArrDAm.exeStatic PE information: section name: entropy: 7.986941204843765
    Source: tJd3ArrDAm.exeStatic PE information: section name: ztaiiqml entropy: 7.954647551573729

    Boot Survival

    barindex
    Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeWindow searched: window name: RegmonClassJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeWindow searched: window name: RegmonclassJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeWindow searched: window name: FilemonclassJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior

    Malware Analysis System Evasion

    barindex
    Tries to detect sandboxes / dynamic malware analysis system (registry check)
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: B9042 second address: B8967 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC434CFA5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e mov dword ptr [ebp+122D1EA8h], eax 0x00000014 push dword ptr [ebp+122D0C95h] 0x0000001a pushad 0x0000001b add edi, 5DE2CDCAh 0x00000021 clc 0x00000022 popad 0x00000023 call dword ptr [ebp+122D3408h] 0x00000029 pushad 0x0000002a jmp 00007FC434CFA5C9h 0x0000002f xor eax, eax 0x00000031 mov dword ptr [ebp+122D1B17h], ecx 0x00000037 mov edx, dword ptr [esp+28h] 0x0000003b cld 0x0000003c jnl 00007FC434CFA5BCh 0x00000042 mov dword ptr [ebp+122D2A3Eh], eax 0x00000048 mov dword ptr [ebp+122D1B17h], edx 0x0000004e mov esi, 0000003Ch 0x00000053 jp 00007FC434CFA5BCh 0x00000059 pushad 0x0000005a mov eax, dword ptr [ebp+122D2BEAh] 0x00000060 mov edx, dword ptr [ebp+122D29D6h] 0x00000066 popad 0x00000067 add esi, dword ptr [esp+24h] 0x0000006b jmp 00007FC434CFA5C7h 0x00000070 lodsw 0x00000072 cld 0x00000073 add eax, dword ptr [esp+24h] 0x00000077 cld 0x00000078 mov ebx, dword ptr [esp+24h] 0x0000007c pushad 0x0000007d mov eax, 69F4DB9Ch 0x00000082 mov esi, 35D2C12Ch 0x00000087 popad 0x00000088 push eax 0x00000089 push eax 0x0000008a push edx 0x0000008b pushad 0x0000008c jmp 00007FC434CFA5BFh 0x00000091 push eax 0x00000092 push edx 0x00000093 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: B8967 second address: B896C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 234604 second address: 234608 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 234608 second address: 234611 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 23369D second address: 2336B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FC434CFA5B6h 0x0000000a popad 0x0000000b push esi 0x0000000c push esi 0x0000000d pop esi 0x0000000e jnl 00007FC434CFA5B6h 0x00000014 pop esi 0x00000015 push ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2336B5 second address: 2336D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC434D4BA18h 0x00000009 pop ebx 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2336D8 second address: 2336E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FC434CFA5B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2336E4 second address: 2336EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FC434D4BA06h 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 233877 second address: 23387D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 233DB2 second address: 233DD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push esi 0x00000006 jmp 00007FC434D4BA18h 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 233F2A second address: 233F3C instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC434CFA5B6h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 233F3C second address: 233F52 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC434D4BA06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b ja 00007FC434D4BA10h 0x00000011 push esi 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 236380 second address: 236384 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 236384 second address: 236388 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 236388 second address: 2363FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 jnp 00007FC434CFA5C2h 0x0000000f push 00000000h 0x00000011 mov cl, ah 0x00000013 mov edx, 798CC9FCh 0x00000018 call 00007FC434CFA5B9h 0x0000001d jmp 00007FC434CFA5C8h 0x00000022 push eax 0x00000023 jmp 00007FC434CFA5BBh 0x00000028 mov eax, dword ptr [esp+04h] 0x0000002c push edi 0x0000002d jmp 00007FC434CFA5C9h 0x00000032 pop edi 0x00000033 mov eax, dword ptr [eax] 0x00000035 push ecx 0x00000036 pushad 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2363FE second address: 236413 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FC434D4BA06h 0x0000000a popad 0x0000000b pop ecx 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 236413 second address: 2364A8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC434CFA5BFh 0x0000000b popad 0x0000000c pop eax 0x0000000d push 00000003h 0x0000000f sub edx, dword ptr [ebp+122D2AC2h] 0x00000015 push 00000000h 0x00000017 mov dx, 4F22h 0x0000001b push 00000003h 0x0000001d push 00000000h 0x0000001f push edx 0x00000020 call 00007FC434CFA5B8h 0x00000025 pop edx 0x00000026 mov dword ptr [esp+04h], edx 0x0000002a add dword ptr [esp+04h], 00000016h 0x00000032 inc edx 0x00000033 push edx 0x00000034 ret 0x00000035 pop edx 0x00000036 ret 0x00000037 jng 00007FC434CFA5D8h 0x0000003d pushad 0x0000003e call 00007FC434CFA5C1h 0x00000043 pop ebx 0x00000044 jmp 00007FC434CFA5BEh 0x00000049 popad 0x0000004a mov edx, 485CBD7Dh 0x0000004f push 87B7FBFCh 0x00000054 pushad 0x00000055 jmp 00007FC434CFA5C9h 0x0000005a push eax 0x0000005b push edx 0x0000005c push eax 0x0000005d push edx 0x0000005e rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2364A8 second address: 2364AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2364AC second address: 2364B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2364B0 second address: 236506 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 add dword ptr [esp], 38480404h 0x0000000e push 00000000h 0x00000010 push edx 0x00000011 call 00007FC434D4BA08h 0x00000016 pop edx 0x00000017 mov dword ptr [esp+04h], edx 0x0000001b add dword ptr [esp+04h], 00000018h 0x00000023 inc edx 0x00000024 push edx 0x00000025 ret 0x00000026 pop edx 0x00000027 ret 0x00000028 lea ebx, dword ptr [ebp+124512A3h] 0x0000002e call 00007FC434D4BA18h 0x00000033 add dh, 0000003Dh 0x00000036 pop ecx 0x00000037 xchg eax, ebx 0x00000038 pushad 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c popad 0x0000003d rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 236506 second address: 236527 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC434CFA5C9h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 236527 second address: 236541 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC434D4BA06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e je 00007FC434D4BA0Ch 0x00000014 js 00007FC434D4BA06h 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 236541 second address: 236546 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 23659E second address: 2365C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434D4BA0Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a or dword ptr [ebp+122D2D6Bh], eax 0x00000010 push 00000000h 0x00000012 adc di, 2425h 0x00000017 push 7C046D52h 0x0000001c push eax 0x0000001d push edx 0x0000001e ja 00007FC434D4BA08h 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 236741 second address: 236746 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 236746 second address: 236766 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push ecx 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c pop edx 0x0000000d pop ecx 0x0000000e nop 0x0000000f mov dx, 368Ah 0x00000013 push 00000000h 0x00000015 stc 0x00000016 push AC98AB9Fh 0x0000001b push edi 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f pop eax 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2578DC second address: 2578E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2578E2 second address: 257905 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007FC434D4BA16h 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007FC434D4BA06h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2558BD second address: 2558C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2558C1 second address: 2558C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2558C9 second address: 2558D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 25603A second address: 25603E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 25603E second address: 256056 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FC434CFA5BEh 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2561F3 second address: 25620B instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC434D4BA0Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007FC434D4BA06h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 25620B second address: 256231 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jg 00007FC434CFA5B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jp 00007FC434CFA5CEh 0x00000014 jne 00007FC434CFA5BAh 0x0000001a push eax 0x0000001b push edx 0x0000001c je 00007FC434CFA5B6h 0x00000022 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 25636B second address: 256398 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434D4BA11h 0x00000007 jmp 00007FC434D4BA0Dh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 popad 0x00000011 pop eax 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 256398 second address: 25639C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 25639C second address: 2563A6 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC434D4BA06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2563A6 second address: 2563CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC434CFA5BFh 0x00000008 jmp 00007FC434CFA5BFh 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2563CE second address: 2563D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2566BB second address: 2566D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434CFA5C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2566D4 second address: 2566EA instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC434D4BA0Ch 0x00000008 jp 00007FC434D4BA12h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 256863 second address: 25687F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434CFA5C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edi 0x0000000b pop edi 0x0000000c push edi 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 25687F second address: 25688A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FC434D4BA06h 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 22B03D second address: 22B083 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC434CFA5B8h 0x00000008 jmp 00007FC434CFA5C8h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 jmp 00007FC434CFA5BCh 0x00000017 jmp 00007FC434CFA5BEh 0x0000001c pop ebx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 22B083 second address: 22B087 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 22B087 second address: 22B08D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 257778 second address: 257785 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jbe 00007FC434D4BA06h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 257785 second address: 257789 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 257789 second address: 2577A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC434D4BA14h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2577A7 second address: 2577C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push edi 0x00000007 pop edi 0x00000008 jmp 00007FC434CFA5C1h 0x0000000d popad 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push esi 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 259EBB second address: 259ED6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FC434D4BA0Dh 0x00000008 jnc 00007FC434D4BA06h 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 259ED6 second address: 259EDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 25DA89 second address: 25DA8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 25DA8D second address: 25DAAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC434CFA5C6h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 25E15B second address: 25E165 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC434D4BA06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 25E165 second address: 25E16B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 25E16B second address: 25E16F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 25F216 second address: 25F220 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC434CFA5BCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 25F220 second address: 25F271 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007FC434D4BA0Eh 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 jmp 00007FC434D4BA0Eh 0x00000015 mov eax, dword ptr [eax] 0x00000017 ja 00007FC434D4BA1Eh 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 25F271 second address: 25F275 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 25F275 second address: 25F27B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 22E4CF second address: 22E4D9 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC434CFA5B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 229565 second address: 229569 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 229569 second address: 229573 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC434CFA5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 229573 second address: 229578 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 265087 second address: 26509D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC434CFA5BEh 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2651DD second address: 2651FA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434D4BA0Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnl 00007FC434D4BA0Ah 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 268A60 second address: 268A6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 268A6A second address: 268A6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 268A6E second address: 268A86 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC434CFA5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f pushad 0x00000010 jp 00007FC434CFA5BCh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 268A86 second address: 268A8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 268A8E second address: 268AA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b jo 00007FC434CFA5BCh 0x00000011 jnp 00007FC434CFA5B6h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 268AA5 second address: 268AD1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434D4BA11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FC434D4BA11h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 268AD1 second address: 268B51 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC434CFA5C4h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007FC434CFA5B8h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 00000019h 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 call 00007FC434CFA5B9h 0x0000002a js 00007FC434CFA5C3h 0x00000030 jmp 00007FC434CFA5BDh 0x00000035 push eax 0x00000036 jmp 00007FC434CFA5C3h 0x0000003b mov eax, dword ptr [esp+04h] 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 jmp 00007FC434CFA5BEh 0x00000048 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 268B51 second address: 268B57 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 269AC3 second address: 269AC8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 269C99 second address: 269CA3 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC434D4BA0Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 26A13D second address: 26A142 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 26A142 second address: 26A1EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434D4BA0Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push eax 0x0000000f call 00007FC434D4BA08h 0x00000014 pop eax 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 add dword ptr [esp+04h], 00000018h 0x00000021 inc eax 0x00000022 push eax 0x00000023 ret 0x00000024 pop eax 0x00000025 ret 0x00000026 mov dword ptr [ebp+122D33B1h], ecx 0x0000002c push 00000000h 0x0000002e add dword ptr [ebp+122D1C70h], ebx 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push edi 0x00000039 call 00007FC434D4BA08h 0x0000003e pop edi 0x0000003f mov dword ptr [esp+04h], edi 0x00000043 add dword ptr [esp+04h], 0000001Bh 0x0000004b inc edi 0x0000004c push edi 0x0000004d ret 0x0000004e pop edi 0x0000004f ret 0x00000050 jnp 00007FC434D4BA0Ch 0x00000056 add dword ptr [ebp+122D334Fh], ecx 0x0000005c xchg eax, ebx 0x0000005d push edi 0x0000005e jbe 00007FC434D4BA0Ch 0x00000064 js 00007FC434D4BA06h 0x0000006a pop edi 0x0000006b push eax 0x0000006c jo 00007FC434D4BA3Dh 0x00000072 push eax 0x00000073 push edx 0x00000074 jmp 00007FC434D4BA18h 0x00000079 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 26BA10 second address: 26BA6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 jmp 00007FC434CFA5C6h 0x0000000b push 00000000h 0x0000000d adc edi, 4B23FA34h 0x00000013 add dword ptr [ebp+122D2D71h], ebx 0x00000019 push 00000000h 0x0000001b jmp 00007FC434CFA5C5h 0x00000020 jmp 00007FC434CFA5BFh 0x00000025 xchg eax, ebx 0x00000026 push eax 0x00000027 push edx 0x00000028 jp 00007FC434CFA5BCh 0x0000002e js 00007FC434CFA5B6h 0x00000034 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 26BA6F second address: 26BA96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FC434D4BA17h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jbe 00007FC434D4BA26h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 26C61C second address: 26C620 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 26C620 second address: 26C626 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 26CF76 second address: 26CF7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 26CF7B second address: 26CF81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 26B1F5 second address: 26B205 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push esi 0x00000009 pushad 0x0000000a popad 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 26CF81 second address: 26CFAA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434D4BA13h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC434D4BA0Dh 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 26B205 second address: 26B209 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 26CFAA second address: 26CFB4 instructions: 0x00000000 rdtsc 0x00000002 js 00007FC434D4BA0Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 26CFB4 second address: 26CFF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 jmp 00007FC434CFA5BEh 0x0000000c push 00000000h 0x0000000e jng 00007FC434CFA5BCh 0x00000014 adc edi, 165A6A9Ch 0x0000001a push 00000000h 0x0000001c push edi 0x0000001d push ecx 0x0000001e mov dword ptr [ebp+122D27EFh], eax 0x00000024 pop edi 0x00000025 pop esi 0x00000026 xchg eax, ebx 0x00000027 pushad 0x00000028 push eax 0x00000029 push esi 0x0000002a pop esi 0x0000002b pop eax 0x0000002c pushad 0x0000002d jns 00007FC434CFA5B6h 0x00000033 pushad 0x00000034 popad 0x00000035 popad 0x00000036 popad 0x00000037 push eax 0x00000038 pushad 0x00000039 pushad 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 26CFF9 second address: 26D004 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 26D004 second address: 26D008 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 26DA07 second address: 26DA0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 26DA0B second address: 26DA71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 jnl 00007FC434CFA5BBh 0x0000000f mov dword ptr [ebp+122D334Fh], edi 0x00000015 push 00000000h 0x00000017 clc 0x00000018 mov dword ptr [ebp+122D2885h], edx 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push edx 0x00000023 call 00007FC434CFA5B8h 0x00000028 pop edx 0x00000029 mov dword ptr [esp+04h], edx 0x0000002d add dword ptr [esp+04h], 00000018h 0x00000035 inc edx 0x00000036 push edx 0x00000037 ret 0x00000038 pop edx 0x00000039 ret 0x0000003a jmp 00007FC434CFA5C6h 0x0000003f xchg eax, ebx 0x00000040 push eax 0x00000041 push edx 0x00000042 jng 00007FC434CFA5BCh 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 26DA71 second address: 26DA75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 26E5AA second address: 26E5AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 26E649 second address: 26E656 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jbe 00007FC434D4BA06h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 273092 second address: 273097 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 26F9DD second address: 26F9E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2736E6 second address: 2736FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC434CFA5C1h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 27918C second address: 279192 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 279192 second address: 279197 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 279197 second address: 2791C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a stc 0x0000000b push 00000000h 0x0000000d mov bl, ch 0x0000000f push 00000000h 0x00000011 sub bh, FFFFFF9Ch 0x00000014 xchg eax, esi 0x00000015 jmp 00007FC434D4BA0Eh 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d js 00007FC434D4BA08h 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 27B719 second address: 27B786 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC434CFA5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jng 00007FC434CFA5B6h 0x00000011 push edi 0x00000012 pop edi 0x00000013 popad 0x00000014 popad 0x00000015 push eax 0x00000016 jc 00007FC434CFA5C2h 0x0000001c nop 0x0000001d movsx edi, dx 0x00000020 push 00000000h 0x00000022 mov bh, ah 0x00000024 push 00000000h 0x00000026 push 00000000h 0x00000028 push esi 0x00000029 call 00007FC434CFA5B8h 0x0000002e pop esi 0x0000002f mov dword ptr [esp+04h], esi 0x00000033 add dword ptr [esp+04h], 0000001Dh 0x0000003b inc esi 0x0000003c push esi 0x0000003d ret 0x0000003e pop esi 0x0000003f ret 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 jmp 00007FC434CFA5C3h 0x00000048 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 279350 second address: 27941A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434D4BA15h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b mov edx, dword ptr [ebp+122D2C0Eh] 0x00000011 or dword ptr [ebp+122D2DE0h], edx 0x00000017 popad 0x00000018 mov dword ptr [ebp+122D1C65h], edx 0x0000001e push dword ptr fs:[00000000h] 0x00000025 push 00000000h 0x00000027 push esi 0x00000028 call 00007FC434D4BA08h 0x0000002d pop esi 0x0000002e mov dword ptr [esp+04h], esi 0x00000032 add dword ptr [esp+04h], 00000014h 0x0000003a inc esi 0x0000003b push esi 0x0000003c ret 0x0000003d pop esi 0x0000003e ret 0x0000003f movsx edi, si 0x00000042 jbe 00007FC434D4BA09h 0x00000048 mov bx, dx 0x0000004b mov dword ptr fs:[00000000h], esp 0x00000052 mov dword ptr [ebp+122D1CE2h], ebx 0x00000058 mov eax, dword ptr [ebp+122D032Dh] 0x0000005e push 00000000h 0x00000060 push eax 0x00000061 call 00007FC434D4BA08h 0x00000066 pop eax 0x00000067 mov dword ptr [esp+04h], eax 0x0000006b add dword ptr [esp+04h], 0000001Bh 0x00000073 inc eax 0x00000074 push eax 0x00000075 ret 0x00000076 pop eax 0x00000077 ret 0x00000078 push FFFFFFFFh 0x0000007a or dword ptr [ebp+122D1F80h], edx 0x00000080 nop 0x00000081 jmp 00007FC434D4BA19h 0x00000086 push eax 0x00000087 push eax 0x00000088 push edx 0x00000089 jmp 00007FC434D4BA12h 0x0000008e rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 27E3C4 second address: 27E41D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FC434CFA5B6h 0x0000000a popad 0x0000000b push esi 0x0000000c jng 00007FC434CFA5B6h 0x00000012 pop esi 0x00000013 popad 0x00000014 nop 0x00000015 push 00000000h 0x00000017 push esi 0x00000018 call 00007FC434CFA5B8h 0x0000001d pop esi 0x0000001e mov dword ptr [esp+04h], esi 0x00000022 add dword ptr [esp+04h], 0000001Ah 0x0000002a inc esi 0x0000002b push esi 0x0000002c ret 0x0000002d pop esi 0x0000002e ret 0x0000002f mov bx, dx 0x00000032 push 00000000h 0x00000034 xor dword ptr [ebp+122D2D9Dh], edi 0x0000003a push 00000000h 0x0000003c jg 00007FC434CFA5B8h 0x00000042 xchg eax, esi 0x00000043 push eax 0x00000044 push edx 0x00000045 pushad 0x00000046 jnl 00007FC434CFA5B6h 0x0000004c pushad 0x0000004d popad 0x0000004e popad 0x0000004f rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 27E41D second address: 27E443 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007FC434D4BA06h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FC434D4BA15h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 27D6B4 second address: 27D6E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007FC434CFA5BCh 0x0000000c jno 00007FC434CFA5B6h 0x00000012 popad 0x00000013 push eax 0x00000014 jp 00007FC434CFA5D0h 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FC434CFA5C2h 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 27F4B9 second address: 27F51B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 sub dword ptr [ebp+122D2CA7h], ecx 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push ebp 0x00000013 call 00007FC434D4BA08h 0x00000018 pop ebp 0x00000019 mov dword ptr [esp+04h], ebp 0x0000001d add dword ptr [esp+04h], 0000001Ch 0x00000025 inc ebp 0x00000026 push ebp 0x00000027 ret 0x00000028 pop ebp 0x00000029 ret 0x0000002a mov dword ptr [ebp+122D1BF9h], edx 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push ebx 0x00000035 call 00007FC434D4BA08h 0x0000003a pop ebx 0x0000003b mov dword ptr [esp+04h], ebx 0x0000003f add dword ptr [esp+04h], 00000017h 0x00000047 inc ebx 0x00000048 push ebx 0x00000049 ret 0x0000004a pop ebx 0x0000004b ret 0x0000004c push eax 0x0000004d push edi 0x0000004e pushad 0x0000004f push eax 0x00000050 pop eax 0x00000051 push eax 0x00000052 push edx 0x00000053 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 27E58B second address: 27E590 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 27E590 second address: 27E618 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 js 00007FC434D4BA0Eh 0x0000000e jno 00007FC434D4BA08h 0x00000014 nop 0x00000015 jmp 00007FC434D4BA11h 0x0000001a push dword ptr fs:[00000000h] 0x00000021 mov edi, dword ptr [ebp+122D349Eh] 0x00000027 mov dword ptr fs:[00000000h], esp 0x0000002e mov ebx, dword ptr [ebp+12481CEBh] 0x00000034 mov eax, dword ptr [ebp+122D0831h] 0x0000003a mov edi, dword ptr [ebp+122D2B3Ah] 0x00000040 push FFFFFFFFh 0x00000042 push 00000000h 0x00000044 push edx 0x00000045 call 00007FC434D4BA08h 0x0000004a pop edx 0x0000004b mov dword ptr [esp+04h], edx 0x0000004f add dword ptr [esp+04h], 00000015h 0x00000057 inc edx 0x00000058 push edx 0x00000059 ret 0x0000005a pop edx 0x0000005b ret 0x0000005c jno 00007FC434D4BA0Ch 0x00000062 nop 0x00000063 jo 00007FC434D4BA18h 0x00000069 push eax 0x0000006a push edx 0x0000006b jo 00007FC434D4BA06h 0x00000071 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 27E618 second address: 27E628 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC434CFA5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 27F6AB second address: 27F6B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 281201 second address: 281266 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC434CFA5BCh 0x00000008 jp 00007FC434CFA5B6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 nop 0x00000011 mov bx, 1852h 0x00000015 push 00000000h 0x00000017 call 00007FC434CFA5BEh 0x0000001c and di, 86F7h 0x00000021 pop edi 0x00000022 mov di, dx 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push ecx 0x0000002a call 00007FC434CFA5B8h 0x0000002f pop ecx 0x00000030 mov dword ptr [esp+04h], ecx 0x00000034 add dword ptr [esp+04h], 00000017h 0x0000003c inc ecx 0x0000003d push ecx 0x0000003e ret 0x0000003f pop ecx 0x00000040 ret 0x00000041 mov bl, 3Bh 0x00000043 mov bx, cx 0x00000046 mov edi, dword ptr [ebp+122D2A72h] 0x0000004c xchg eax, esi 0x0000004d push eax 0x0000004e push edx 0x0000004f push eax 0x00000050 push edx 0x00000051 jns 00007FC434CFA5B6h 0x00000057 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 281266 second address: 28127C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434D4BA12h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 28127C second address: 281281 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 280659 second address: 28066F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434D4BA12h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 282386 second address: 28238A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 28238A second address: 2823B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC434D4BA18h 0x0000000b popad 0x0000000c push eax 0x0000000d jo 00007FC434D4BA10h 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 285113 second address: 285117 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 285117 second address: 28512D instructions: 0x00000000 rdtsc 0x00000002 je 00007FC434D4BA06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b push eax 0x0000000c jnp 00007FC434D4BA1Dh 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 284214 second address: 284219 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 284219 second address: 2842A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434D4BA0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push ecx 0x0000000b movzx ebx, si 0x0000000e pop edi 0x0000000f push dword ptr fs:[00000000h] 0x00000016 sbb bx, 9A42h 0x0000001b add di, 88DAh 0x00000020 mov dword ptr fs:[00000000h], esp 0x00000027 mov ebx, 5ECCAD3Eh 0x0000002c mov eax, dword ptr [ebp+122D16FDh] 0x00000032 pushad 0x00000033 mov edi, dword ptr [ebp+122D2C8Bh] 0x00000039 popad 0x0000003a push FFFFFFFFh 0x0000003c push 00000000h 0x0000003e push ebx 0x0000003f call 00007FC434D4BA08h 0x00000044 pop ebx 0x00000045 mov dword ptr [esp+04h], ebx 0x00000049 add dword ptr [esp+04h], 00000019h 0x00000051 inc ebx 0x00000052 push ebx 0x00000053 ret 0x00000054 pop ebx 0x00000055 ret 0x00000056 jnp 00007FC434D4BA12h 0x0000005c nop 0x0000005d pushad 0x0000005e js 00007FC434D4BA0Ch 0x00000064 ja 00007FC434D4BA06h 0x0000006a pushad 0x0000006b push eax 0x0000006c push edx 0x0000006d rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2842A2 second address: 2842B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2842B1 second address: 2842B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2842B7 second address: 2842BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 285332 second address: 285338 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 28CFEE second address: 28CFF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 28D155 second address: 28D15A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 28D15A second address: 28D16B instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC434CFA5BCh 0x00000008 jc 00007FC434CFA5B6h 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 28D16B second address: 28D190 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007FC434D4BA0Ch 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 jc 00007FC434D4BA0Eh 0x0000001a pushad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 28D190 second address: 28D194 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 28D194 second address: 28D1B0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FC434D4BA17h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 28D2D6 second address: 28D2DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 292495 second address: 292499 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 292499 second address: 2924BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a push ebx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pop ebx 0x0000000e pushad 0x0000000f jnl 00007FC434CFA5B6h 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 popad 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d pushad 0x0000001e jc 00007FC434CFA5BCh 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 292652 second address: 2926C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434D4BA0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d pushad 0x0000000e jns 00007FC434D4BA0Ch 0x00000014 pushad 0x00000015 jno 00007FC434D4BA06h 0x0000001b jmp 00007FC434D4BA14h 0x00000020 popad 0x00000021 popad 0x00000022 mov eax, dword ptr [eax] 0x00000024 jmp 00007FC434D4BA0Fh 0x00000029 mov dword ptr [esp+04h], eax 0x0000002d js 00007FC434D4BA25h 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007FC434D4BA17h 0x0000003a rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2927F2 second address: 2927F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2927F6 second address: 29280B instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC434D4BA06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f pushad 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 29280B second address: 29282C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FC434CFA5C3h 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 29282C second address: 292830 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 292830 second address: 29283A instructions: 0x00000000 rdtsc 0x00000002 je 00007FC434CFA5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 29895C second address: 298968 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007FC434D4BA06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 298968 second address: 29896D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 29896D second address: 298973 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 298973 second address: 298982 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jl 00007FC434CFA5B6h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 298982 second address: 298986 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 29761B second address: 297626 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 297626 second address: 29762C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2980C8 second address: 2980CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2987DC second address: 298823 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434D4BA13h 0x00000007 jmp 00007FC434D4BA18h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007FC434D4BA18h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 298823 second address: 298840 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434CFA5C7h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 298840 second address: 298846 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 220E40 second address: 220E5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC434CFA5BDh 0x00000009 pop edi 0x0000000a jmp 00007FC434CFA5BDh 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2A0883 second address: 2A0887 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2A5EB4 second address: 2A5ED1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC434CFA5C9h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 27034F second address: 27035F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434D4BA0Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 270555 second address: 27055A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 27088F second address: 270895 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 270AD4 second address: 270AD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 270AD9 second address: 270ADF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 270ADF second address: 270AE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 270AE3 second address: 270B00 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434D4BA11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 270B58 second address: 270B71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC434CFA5C4h 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 270B71 second address: 270B98 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jl 00007FC434D4BA06h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xchg eax, esi 0x0000000f mov cx, C6D5h 0x00000013 xor dword ptr [ebp+124752ECh], edx 0x00000019 nop 0x0000001a pushad 0x0000001b push esi 0x0000001c jg 00007FC434D4BA06h 0x00000022 pop esi 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 270B98 second address: 270B9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 270B9C second address: 270BAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jc 00007FC434D4BA0Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 270BAE second address: 270BB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 27162A second address: 271640 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c jl 00007FC434D4BA21h 0x00000012 push eax 0x00000013 push edx 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 271640 second address: 271664 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434CFA5C3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d pushad 0x0000000e push eax 0x0000000f pushad 0x00000010 popad 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 271664 second address: 271668 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 271730 second address: 271753 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007FC434CFA5C0h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f je 00007FC434CFA5B6h 0x00000015 push edx 0x00000016 pop edx 0x00000017 popad 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 271753 second address: 271758 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 271758 second address: 2717A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC434CFA5C1h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push esi 0x00000010 call 00007FC434CFA5B8h 0x00000015 pop esi 0x00000016 mov dword ptr [esp+04h], esi 0x0000001a add dword ptr [esp+04h], 00000015h 0x00000022 inc esi 0x00000023 push esi 0x00000024 ret 0x00000025 pop esi 0x00000026 ret 0x00000027 mov dword ptr [ebp+1245230Ch], esi 0x0000002d lea eax, dword ptr [ebp+1248B08Bh] 0x00000033 nop 0x00000034 push ecx 0x00000035 push eax 0x00000036 push edx 0x00000037 js 00007FC434CFA5B6h 0x0000003d rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2717A4 second address: 2717A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2717A8 second address: 24AE7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 jmp 00007FC434CFA5C8h 0x0000000d nop 0x0000000e pushad 0x0000000f mov edi, 326807D4h 0x00000014 mov dword ptr [ebp+122D3231h], edi 0x0000001a popad 0x0000001b call dword ptr [ebp+122D1D95h] 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007FC434CFA5C8h 0x00000028 jno 00007FC434CFA5BCh 0x0000002e rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 226082 second address: 226086 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 226086 second address: 2260AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC434CFA5C9h 0x0000000d jc 00007FC434CFA5B6h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2A67CA second address: 2A67E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC434D4BA19h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2A67E7 second address: 2A67F4 instructions: 0x00000000 rdtsc 0x00000002 js 00007FC434CFA5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2A67F4 second address: 2A67FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2AB805 second address: 2AB80B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2ABEDB second address: 2ABF0D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC434D4BA06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FC434D4BA0Eh 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 push edx 0x00000016 pop edx 0x00000017 push edi 0x00000018 pop edi 0x00000019 popad 0x0000001a push esi 0x0000001b jmp 00007FC434D4BA0Dh 0x00000020 pop esi 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2ABF0D second address: 2ABF1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007FC434CFA5BCh 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2AC182 second address: 2AC186 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2AC186 second address: 2AC1A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434CFA5C2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e jl 00007FC434CFA5B6h 0x00000014 popad 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2AC1A8 second address: 2AC1AD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2AC1AD second address: 2AC1CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC434CFA5BEh 0x00000009 pop edi 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d pop edx 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jnp 00007FC434CFA5C4h 0x00000016 push ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2AC605 second address: 2AC61F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007FC434D4BA15h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2B26CA second address: 2B26D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2B557D second address: 2B559E instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC434D4BA06h 0x00000008 ja 00007FC434D4BA06h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jmp 00007FC434D4BA0Eh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2B559E second address: 2B55A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2BA6E7 second address: 2BA6FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC434D4BA13h 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2BACBB second address: 2BACD4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a jmp 00007FC434CFA5BFh 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2BACD4 second address: 2BACD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2BACD8 second address: 2BACE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2BACE0 second address: 2BACE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2BAE38 second address: 2BAE3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2BAE3F second address: 2BAE58 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FC434D4BA0Eh 0x00000008 push eax 0x00000009 jbe 00007FC434D4BA06h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2BAE58 second address: 2BAE84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FC434CFA5C0h 0x0000000e jno 00007FC434CFA5C3h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2BE284 second address: 2BE289 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2BE289 second address: 2BE2C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC434CFA5C7h 0x00000009 jmp 00007FC434CFA5C9h 0x0000000e popad 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2C4375 second address: 2C4383 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FC434D4BA0Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2C30CD second address: 2C3118 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434CFA5C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jnc 00007FC434CFA5C6h 0x00000010 jmp 00007FC434CFA5C4h 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2C322E second address: 2C3232 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2C3232 second address: 2C3236 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2C3236 second address: 2C3255 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC434D4BA14h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push edi 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2C3255 second address: 2C3292 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jc 00007FC434CFA5B6h 0x0000000c popad 0x0000000d jbe 00007FC434CFA5B8h 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FC434CFA5BDh 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FC434CFA5C6h 0x00000022 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2C3292 second address: 2C32A2 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC434D4BA06h 0x00000008 jns 00007FC434D4BA06h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 27114A second address: 27115A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push edx 0x00000007 pop edx 0x00000008 pop esi 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 27115A second address: 271161 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 271161 second address: 2711C5 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC434CFA5C3h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007FC434CFA5B8h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 0000001Ah 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 mov dx, A480h 0x00000029 mov edx, 3FD6D7E7h 0x0000002e push 00000004h 0x00000030 sub edx, 3592CC80h 0x00000036 mov ecx, dword ptr [ebp+122D2C5Eh] 0x0000003c push eax 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007FC434CFA5BEh 0x00000046 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2711C5 second address: 2711C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2711C9 second address: 2711CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2C355D second address: 2C3563 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2C3684 second address: 2C36B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC434CFA5C4h 0x00000009 pop edi 0x0000000a jmp 00007FC434CFA5C0h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2CCD23 second address: 2CCD5D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434D4BA11h 0x00000007 jnl 00007FC434D4BA0Ah 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 pushad 0x00000011 jmp 00007FC434D4BA17h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2CAD47 second address: 2CAD4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2CB013 second address: 2CB018 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2CB018 second address: 2CB01E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2CBE17 second address: 2CBE2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FC434D4BA0Ah 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2CC426 second address: 2CC434 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jc 00007FC434CFA5B6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2CC434 second address: 2CC460 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FC434D4BA06h 0x0000000a popad 0x0000000b jmp 00007FC434D4BA0Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FC434D4BA13h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2D0C6B second address: 2D0C75 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC434CFA5B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2CFF49 second address: 2CFF63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edi 0x00000007 jmp 00007FC434D4BA0Fh 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2CFF63 second address: 2CFF67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2CFF67 second address: 2CFF6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2D00C0 second address: 2D00D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC434CFA5BDh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2D00D1 second address: 2D00E1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f pop ebx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2D036A second address: 2D0372 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2D0372 second address: 2D0377 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2D04E5 second address: 2D04EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2D04EB second address: 2D04F8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2D55C2 second address: 2D55C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2D55C6 second address: 2D55CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2D55CC second address: 2D55DE instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC434CFA5B8h 0x00000008 push eax 0x00000009 push edx 0x0000000a je 00007FC434CFA5B6h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2D55DE second address: 2D55E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2DB7E1 second address: 2DB7E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2DBAAC second address: 2DBAD2 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC434D4BA06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007FC434D4BA11h 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 push edi 0x00000018 pop edi 0x00000019 popad 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2DBC48 second address: 2DBC4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2DBC4C second address: 2DBC52 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2DBD84 second address: 2DBD9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FC434CFA5C2h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2DCBD5 second address: 2DCBEB instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC434D4BA06h 0x00000008 jnc 00007FC434D4BA06h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 popad 0x00000011 push edi 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2DCBEB second address: 2DCBEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2E66B6 second address: 2E66BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2E66BA second address: 2E66C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2F4621 second address: 2F4625 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2F4625 second address: 2F463C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434CFA5BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnp 00007FC434CFA5B6h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2F463C second address: 2F4652 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007FC434D4BA06h 0x00000010 jne 00007FC434D4BA06h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2F4203 second address: 2F4207 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2F7F44 second address: 2F7F4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2F7F4D second address: 2F7F53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2F7F53 second address: 2F7F57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2F7F57 second address: 2F7F61 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC434CFA5B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2F7C9E second address: 2F7CA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2F7CA2 second address: 2F7CA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 2FCA2F second address: 2FCA41 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ecx 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jns 00007FC434D4BA06h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 303C2E second address: 303C34 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 30B61F second address: 30B637 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC434D4BA06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007FC434D4BA06h 0x00000012 jng 00007FC434D4BA06h 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 30B91D second address: 30B926 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 30B926 second address: 30B92A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 30BA7C second address: 30BAA4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jp 00007FC434CFA5B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FC434CFA5C1h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 jng 00007FC434CFA5B6h 0x0000001b pop ebx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 30BBE6 second address: 30BBEC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 30BEF4 second address: 30BEF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 30BEF8 second address: 30BEFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 30C819 second address: 30C836 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434CFA5C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 30C836 second address: 30C83A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 30C83A second address: 30C844 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 30C844 second address: 30C84A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 30F8B7 second address: 30F8BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 30F446 second address: 30F44C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 3141BC second address: 3141C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 3141C2 second address: 3141C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 3141C6 second address: 3141CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 31B374 second address: 31B38C instructions: 0x00000000 rdtsc 0x00000002 je 00007FC434D4BA06h 0x00000008 jmp 00007FC434D4BA0Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 31B38C second address: 31B394 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 31B394 second address: 31B398 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 31B201 second address: 31B207 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 32196D second address: 321973 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 321973 second address: 32197F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 pop eax 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pop edi 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 32197F second address: 321985 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 321985 second address: 321994 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434CFA5BBh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 32D44E second address: 32D452 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 32D452 second address: 32D456 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 32D456 second address: 32D45C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 32FC52 second address: 32FC7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FC434CFA5B6h 0x0000000a jmp 00007FC434CFA5C3h 0x0000000f jmp 00007FC434CFA5BBh 0x00000014 popad 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 32FDBE second address: 32FDCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC434D4BA0Ah 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 34510E second address: 34511E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jbe 00007FC434CFA5B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push edi 0x0000000e pop edi 0x0000000f pop ecx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 34511E second address: 345139 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434D4BA16h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 345139 second address: 34513F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 343F5E second address: 343F62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 343F62 second address: 343F82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jmp 00007FC434CFA5BCh 0x0000000c jmp 00007FC434CFA5BCh 0x00000011 pop esi 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 343F82 second address: 343FAC instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC434D4BA1Fh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push edx 0x00000010 pop edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 343FAC second address: 343FB5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 34423D second address: 344249 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC434D4BA06h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 344249 second address: 344286 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop eax 0x00000006 jl 00007FC434CFA5BEh 0x0000000c jng 00007FC434CFA5B6h 0x00000012 push edi 0x00000013 pop edi 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 jmp 00007FC434CFA5C5h 0x0000001c pushad 0x0000001d jmp 00007FC434CFA5BEh 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 344286 second address: 34428C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 34440C second address: 344425 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC434CFA5BFh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 344425 second address: 344429 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 344AFF second address: 344B05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 344B05 second address: 344B3A instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC434D4BA06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FC434D4BA16h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 jmp 00007FC434D4BA0Eh 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 344E41 second address: 344E60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC434CFA5C9h 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 346930 second address: 346945 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC434D4BA10h 0x00000009 pop esi 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 346945 second address: 346999 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC434CFA5BEh 0x00000008 jo 00007FC434CFA5B6h 0x0000000e push esi 0x0000000f pop esi 0x00000010 jmp 00007FC434CFA5BFh 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push edx 0x00000018 pushad 0x00000019 jmp 00007FC434CFA5BEh 0x0000001e jnp 00007FC434CFA5B6h 0x00000024 jmp 00007FC434CFA5C7h 0x00000029 push ecx 0x0000002a pop ecx 0x0000002b popad 0x0000002c push esi 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 34959B second address: 3495C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434D4BA18h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC434D4BA0Bh 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 3495C5 second address: 3495DD instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC434CFA5B8h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 pushad 0x00000011 push ecx 0x00000012 pushad 0x00000013 popad 0x00000014 pop ecx 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 3495DD second address: 349621 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC434D4BA13h 0x00000009 popad 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d pushad 0x0000000e jo 00007FC434D4BA15h 0x00000014 jmp 00007FC434D4BA0Fh 0x00000019 push esi 0x0000001a js 00007FC434D4BA06h 0x00000020 pop esi 0x00000021 popad 0x00000022 mov dword ptr [esp+04h], eax 0x00000026 push ecx 0x00000027 pushad 0x00000028 pushad 0x00000029 popad 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 34B1C7 second address: 34B213 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC434CFA5BEh 0x00000007 jmp 00007FC434CFA5C1h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007FC434CFA5C1h 0x00000013 popad 0x00000014 pushad 0x00000015 pushad 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 jno 00007FC434CFA5B6h 0x0000001e jp 00007FC434CFA5B6h 0x00000024 pushad 0x00000025 popad 0x00000026 popad 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a popad 0x0000002b rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 34B213 second address: 34B219 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 34AD70 second address: 34AD78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRDTSC instruction interceptor: First address: 34CD86 second address: 34CDAD instructions: 0x00000000 rdtsc 0x00000002 jno 00007FC434D4BA06h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FC434D4BA13h 0x00000011 push eax 0x00000012 push edx 0x00000013 jl 00007FC434D4BA06h 0x00000019 rdtsc
    Tries to evade debugger and weak emulator (self modifying code)
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSpecial instruction interceptor: First address: B89A9 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSpecial instruction interceptor: First address: 25D8F7 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSpecial instruction interceptor: First address: 2E8A2A instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000B895C rdtsc 1_2_000B895C
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exe TID: 7308Thread sleep time: -30000s >= -30000sJump to behavior
    Source: tJd3ArrDAm.exe, tJd3ArrDAm.exe, 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: tJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B69000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B17000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: tJd3ArrDAm.exe, 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeSystem information queried: ModuleInformationJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Hides threads from debuggers
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeThread information set: HideFromDebuggerJump to behavior
    Tries to detect sandboxes and other dynamic analysis tools (window names)
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeOpen window title or class name: regmonclass
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeOpen window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeOpen window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeOpen window title or class name: ollydbg
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeOpen window title or class name: filemonclass
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeFile opened: NTICE
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeFile opened: SICE
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeFile opened: SIWVID
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_000B895C rdtsc 1_2_000B895C
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeCode function: 1_2_0009E110 LdrInitializeThunk,1_2_0009E110

    HIPS / PFW / Operating System Protection Evasion

    barindex
    LummaC encrypted strings found
    Source: tJd3ArrDAm.exeString found in binary or memory: bashfulacid.lat
    Source: tJd3ArrDAm.exeString found in binary or memory: tentabatte.lat
    Source: tJd3ArrDAm.exeString found in binary or memory: curverpluch.lat
    Source: tJd3ArrDAm.exeString found in binary or memory: talkynicer.lat
    Source: tJd3ArrDAm.exeString found in binary or memory: shapestickyr.lat
    Source: tJd3ArrDAm.exeString found in binary or memory: manyrestro.lat
    Source: tJd3ArrDAm.exeString found in binary or memory: slipperyloo.lat
    Source: tJd3ArrDAm.exeString found in binary or memory: wordyfindy.lat
    Source: tJd3ArrDAm.exeString found in binary or memory: observerfry.lat
    Source: tJd3ArrDAm.exe, tJd3ArrDAm.exe, 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: 3}Program Manager
    Source: C:\Users\user\Desktop\tJd3ArrDAm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
    Command and Scripting Interpreter    		1
    DLL Side-Loading    		1
    Process Injection    		24
    Virtualization/Sandbox Evasion    		OS Credential Dumping641
    Security Software Discovery    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts1
    PowerShell    		Boot or Logon Initialization Scripts1
    DLL Side-Loading    		1
    Process Injection    		LSASS Memory24
    Virtualization/Sandbox Evasion    		Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information    		Security Account Manager2
    Process Discovery    		SMB/Windows Admin SharesData from Network Shared Drive2
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
    Obfuscated Files or Information    		NTDS23
    System Information Discovery    		Distributed Component Object ModelInput Capture113
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
    Software Packing    		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    tJd3ArrDAm.exe51%VirustotalBrowse
    tJd3ArrDAm.exe66%ReversingLabsWin32.Ransomware.StealC
    tJd3ArrDAm.exe100%AviraTR/Crypt.XPACK.Gen
    tJd3ArrDAm.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    https://talkynicer.lat:443/apiv100%Avira URL Cloudmalware
    https://slipperyloo.lat:443/api100%Avira URL Cloudmalware
    https://bashfulacid.lat:443/api100%Avira URL Cloudmalware
    https://manyrestro.lat:443/apiN100%Avira URL Cloudmalware
    https://wordyfindy.lat:443/api0100%Avira URL Cloudmalware
    https://tentabatte.lat:443/api100%Avira URL Cloudmalware

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		104.102.49.254
    		truefalse
      		high
      wordyfindy.lat
      		unknown
      		unknownfalse
        		high
        slipperyloo.lat
        		unknown
        		unknownfalse
          		high
          curverpluch.lat
          		unknown
          		unknownfalse
            		high
            tentabatte.lat
            		unknown
            		unknownfalse
              		high
              manyrestro.lat
              		unknown
              		unknownfalse
                		high
                bashfulacid.lat
                		unknown
                		unknownfalse
                  		high
                  shapestickyr.lat
                  		unknown
                  		unknownfalse
                    		high
                    observerfry.lat
                    		unknown
                    		unknownfalse
                      		high
                      talkynicer.lat
                      		unknown
                      		unknownfalse
                        		high

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        curverpluch.latfalse
                          		high
                          slipperyloo.latfalse
                            		high
                            tentabatte.latfalse
                              		high
                              manyrestro.latfalse
                                		high
                                bashfulacid.latfalse
                                  		high
                                  observerfry.latfalse
                                    		high
                                    https://steamcommunity.com/profiles/76561199724331900false
                                      		high
                                      wordyfindy.latfalse
                                        		high
                                        shapestickyr.latfalse
                                          		high
                                          talkynicer.latfalse
                                            		high

                                            URLs from Memory and Binaries

                                            NameSourceMaliciousAntivirus DetectionReputation
                                            https://steamcommunity.com/my/wishlist/tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngtJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://player.vimeo.comtJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&amp;tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://steamcommunity.com/?subsection=broadcaststJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://help.steampowered.com/en/tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://steamcommunity.com/market/tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://store.steampowered.com/news/tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://store.steampowered.com/subscriber_agreement/tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://www.gstatic.cn/recaptcha/tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://store.steampowered.com/subscriber_agreement/tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B29000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1372017674.0000000000BC0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgtJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B29000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1372017674.0000000000BC0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://recaptcha.net/recaptcha/;tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://talkynicer.lat:443/apivtJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B32000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: malware
                                                                      		unknown
                                                                      http://www.valvesoftware.com/legal.htmtJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&amp;l=entJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://steamcommunity.com/discussions/tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://www.youtube.comtJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://www.google.comtJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://store.steampowered.com/stats/tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&amtJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://medal.tvtJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://broadcast.st.dl.eccdnx.comtJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngtJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&amp;l=english&atJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://store.steampowered.com/steam_refunds/tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://store.steampowered.com/points/shopUtJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://bashfulacid.lat:443/apitJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B32000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: malware
                                                                                                		unknown
                                                                                                https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20FeedbacktJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&atJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B29000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1372017674.0000000000BC0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B29000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1372017674.0000000000BC0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://manyrestro.lat:443/apiNtJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B32000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: malware
                                                                                                          		unknown
                                                                                                          https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&amp;l=engltJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbCtJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://slipperyloo.lat:443/apitJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B32000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: malware
                                                                                                                		unknown
                                                                                                                https://s.ytimg.com;tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRitJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B29000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1372017674.0000000000BC0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://steamcommunity.com/workshop/tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://login.steampowered.com/tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbbtJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B69000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&amp;l=english&amp;_ctJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B29000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1372017674.0000000000BC0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&amp;l=english&tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://store.steampowered.com/legal/tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B29000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1372017674.0000000000BC0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://community.fastly.steamstatic.com/tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&amp;l=englitJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://steam.tv/tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://observerfry.lat:443/apitJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B32000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&amp;l=entJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&amp;l=engtJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://tentabatte.lat:443/apitJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B32000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              • Avira URL Cloud: malware
                                                                                                                                              		unknown
                                                                                                                                              http://store.steampowered.com/privacy_agreement/tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B29000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1372017674.0000000000BC0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://store.steampowered.com/points/shop/tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://recaptcha.nettJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://store.steampowered.com/tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://wordyfindy.lat:443/api0tJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B32000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: malware
                                                                                                                                                      		unknown
                                                                                                                                                      https://steamcommunity.comtJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B29000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1372017674.0000000000BC0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://sketchfab.comtJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://lv.queniujq.cntJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.pngtJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://www.youtube.com/tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                http://127.0.0.1:27060tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://store.steampowered.com/privacy_agreement/tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQtJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&amp;l=english&amtJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://www.google.com/recaptcha/tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://checkout.steampowered.com/tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amptJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://help.steampowered.com/tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://api.steampowered.com/tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  http://store.steampowered.com/account/cookiepreferences/tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B29000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1372017674.0000000000BC0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://store.steampowered.com/mobiletJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://steamcommunity.com/tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B32000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://steamcommunity.com:443/profiles/76561199724331900betJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B32000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81tJd3ArrDAm.exe, 00000001.00000002.1371301951.0000000000B29000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1372017674.0000000000BC0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://store.steampowered.com/;tJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B69000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327642576.0000000000B7A000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B7A000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000002.1371852802.0000000000B69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://store.steampowered.com/about/tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&amp;ltJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BAD000.00000004.00000020.00020000.00000000.sdmp, tJd3ArrDAm.exe, 00000001.00000003.1327604569.0000000000BB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high

                                                                                                                                                                                                  World Map of Contacted IPs

                                                                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                                                                  • 75% < No. of IPs

                                                                                                                                                                                                  Public IPs

                                                                                                                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                  104.102.49.254
                                                                                                                                                                                                  		steamcommunity.comUnited States
                                                                                                                                                                                                  		16625AKAMAI-ASUSfalse

                                                                                                                                                                                                  General Information

                                                                                                                                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                  Analysis ID:1580935
                                                                                                                                                                                                  Start date and time:2024-12-26 13:19:57 +01:00
                                                                                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                                                                                  Overall analysis duration:0h 5m 3s
                                                                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                                                                  Report type:full
                                                                                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                  Number of analysed new started processes analysed:12
                                                                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                                                                  Technologies:
                                                                                                                                                                                                  • HCA enabled
                                                                                                                                                                                                  • EGA enabled
                                                                                                                                                                                                  • AMSI enabled
                                                                                                                                                                                                  Analysis Mode:default
                                                                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                                                                  Sample name:tJd3ArrDAm.exe
                                                                                                                                                                                                  renamed because original name is a hash value
                                                                                                                                                                                                  Original Sample Name:1d8ce7de6c654dc070433c477adc664f.exe
                                                                                                                                                                                                  Detection:MAL
                                                                                                                                                                                                  Classification:mal100.troj.evad.winEXE@1/0@10/1
                                                                                                                                                                                                  EGA Information:
                                                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                                                  HCA Information:Failed
                                                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                                                  • Found application associated with file extension: .exe

                                                                                                                                                                                                  Warnings

                                                                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 13.107.246.63, 172.202.163.200
                                                                                                                                                                                                  • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                                                                  Simulations

                                                                                                                                                                                                  Behavior and APIs

                                                                                                                                                                                                  TimeTypeDescription
                                                                                                                                                                                                  07:20:54API Interceptor2x Sleep call for process: tJd3ArrDAm.exe modified

                                                                                                                                                                                                  Joe Sandbox View / Context

                                                                                                                                                                                                  IPs

                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                  104.102.49.254r4xiHKy8aM.exeGet hashmaliciousSocks5SystemzBrowse
                                                                                                                                                                                                  • /ISteamUser/GetFriendList/v1/?key=AE2AE4DBF33A541E83BC08989DB1F397&steamid=76561198400860497
                                                                                                                                                                                                  http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                  • www.valvesoftware.com/legal.htm

                                                                                                                                                                                                  Domains

                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                  steamcommunity.comgdtJGo7jH3.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  oQSTpQfzz5.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  rkPR0Fo9Cb.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  35jPLNPb3r.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  ERTL09tA59.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  a7Sb42MqYv.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  C6xDdWG7hq.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  MaZjv5XeQi.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  lJEIftsml0.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  QBzLk3iR7m.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254

                                                                                                                                                                                                  ASNs

                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                  AKAMAI-ASUSgdtJGo7jH3.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  oQSTpQfzz5.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  rkPR0Fo9Cb.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  35jPLNPb3r.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  ERTL09tA59.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  a7Sb42MqYv.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  C6xDdWG7hq.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  MaZjv5XeQi.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  lJEIftsml0.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  QBzLk3iR7m.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254

                                                                                                                                                                                                  JA3 Fingerprints

                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                  a0e9f5d64349fb13191bc781f81f42e1gdtJGo7jH3.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  oQSTpQfzz5.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  rkPR0Fo9Cb.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  35jPLNPb3r.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  ERTL09tA59.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  a7Sb42MqYv.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  C6xDdWG7hq.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  MaZjv5XeQi.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  lJEIftsml0.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  QBzLk3iR7m.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254

                                                                                                                                                                                                  Dropped Files

                                                                                                                                                                                                  No context

                                                                                                                                                                                                  Created / dropped Files

                                                                                                                                                                                                  No created / dropped files found

                                                                                                                                                                                                  Static File Info

                                                                                                                                                                                                  General

                                                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Entropy (8bit):7.950520765810286
                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                  File name:tJd3ArrDAm.exe
                                                                                                                                                                                                  File size:1'840'640 bytes
                                                                                                                                                                                                  MD5:1d8ce7de6c654dc070433c477adc664f
                                                                                                                                                                                                  SHA1:3866802156b203911ad029d11f05b4f3432bc08d
                                                                                                                                                                                                  SHA256:7234084f4b2486ece3080e1f9c3c357ab681be71e6c62b3eb95aaafa3fc7eff8
                                                                                                                                                                                                  SHA512:0d8f0d4e34cfb5989c1aa75ac3945a193a50f32f383dc8ad9bcf7f4e053ce5380b4787f8c0a742ea5d561ee621696c8aaa01ce141cbf35ecc454daf45f0806e0
                                                                                                                                                                                                  SSDEEP:24576:iDHO+LqztVFbtEwqz/oXLZ5GzjV91smwYF0ijKUTwNtAPzYvXy5M70u1kxgkClpJ:iDuuWtV1b541JwWUUeWLYvXYMR1kf
                                                                                                                                                                                                  TLSH:52853322AB32DB6ED90A6A3018AD3105B7F4B670DA4D371D2B7779BDCBF1598E306140
                                                                                                                                                                                                  File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig..............................H...........@.......................... I...........@.................................Y@..m..

                                                                                                                                                                                                  File Icon

                                                                                                                                                                                                  Icon Hash:00928e8e8686b000

                                                                                                                                                                                                  Static PE Info

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Entrypoint:0x88f000
                                                                                                                                                                                                  Entrypoint Section:.taggant
                                                                                                                                                                                                  Digitally signed:false
                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                  Time Stamp:0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                  OS Version Major:6
                                                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                                                  File Version Major:6
                                                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                                                  Subsystem Version Major:6
                                                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                                                  Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                                                                                                                                                  Entrypoint Preview

                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                  jmp 00007FC434B45A5Ah
                                                                                                                                                                                                  pmuludq mm3, qword ptr [ebx]
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add cl, ch
                                                                                                                                                                                                  add byte ptr [eax], ah
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [edi], al
                                                                                                                                                                                                  add byte ptr [eax], 00000000h
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  adc byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add eax, 0000000Ah
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], dh
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  or byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [0100000Ah], al
                                                                                                                                                                                                  or al, byte ptr [eax]
                                                                                                                                                                                                  add byte ptr [edi], al
                                                                                                                                                                                                  or al, byte ptr [eax]
                                                                                                                                                                                                  add byte ptr [edx], al
                                                                                                                                                                                                  or al, byte ptr [eax]
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                  add byte ptr [eax], al

                                                                                                                                                                                                  Data Directories

                                                                                                                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x540590x6d.idata
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x530000x1ac.rsrc
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x541f80x8.idata
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                  Sections

                                                                                                                                                                                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                  0x10000x520000x264003bb57bdb1cc386df3ba54ceaf6b37d64False0.9995978860294118data7.986941204843765IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                  .rsrc0x530000x1ac0x200c4249243ceaeb236e3ce8ce2ab2c9a69False0.5390625data5.249019796122045IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                  .idata 0x540000x10000x20039a711a7d804ccbc2a14eea65cf3c27eFalse0.154296875data1.0789976601211375IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                  0x550000x2a10000x2002aecb46bd9f1437b120b7601b722ddd4unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                  ztaiiqml0x2f60000x1980000x19760066b0a63833aa5264c13500ba61bc7866False0.9947698920297637data7.954647551573729IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                  obalvhom0x48e0000x10000x400133a901d51584d078f148ef1b3273861False0.7119140625data5.72784734173586IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                  .taggant0x48f0000x30000x2200c98fa9b27f3d2b9b60e190ab18bf0e18False0.072265625DOS executable (COM)0.8649978852928689IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                                                                                                  Resources

                                                                                                                                                                                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                  RT_MANIFEST0x530580x152ASCII text, with CRLF line terminators0.6479289940828402

                                                                                                                                                                                                  Imports

                                                                                                                                                                                                  DLLImport
                                                                                                                                                                                                  kernel32.dlllstrcpy

                                                                                                                                                                                                  Network Behavior

                                                                                                                                                                                                  Suricata IDS Alerts

                                                                                                                                                                                                  TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                  2024-12-26T13:20:55.759968+01002058514ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat)1192.168.2.7500101.1.1.153UDP
                                                                                                                                                                                                  2024-12-26T13:20:55.906466+01002058502ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat)1192.168.2.7519041.1.1.153UDP
                                                                                                                                                                                                  2024-12-26T13:20:56.045669+01002058492ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat)1192.168.2.7637281.1.1.153UDP
                                                                                                                                                                                                  2024-12-26T13:20:56.194406+01002058500ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat)1192.168.2.7618451.1.1.153UDP
                                                                                                                                                                                                  2024-12-26T13:20:56.356419+01002058510ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat)1192.168.2.7627801.1.1.153UDP
                                                                                                                                                                                                  2024-12-26T13:20:56.554370+01002058484ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat)1192.168.2.7538041.1.1.153UDP
                                                                                                                                                                                                  2024-12-26T13:20:56.734525+01002058512ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat)1192.168.2.7499631.1.1.153UDP
                                                                                                                                                                                                  2024-12-26T13:20:56.968660+01002058480ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat)1192.168.2.7552211.1.1.153UDP
                                                                                                                                                                                                  2024-12-26T13:20:59.487086+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.749701104.102.49.254443TCP
                                                                                                                                                                                                  2024-12-26T13:21:00.318304+01002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.749701104.102.49.254443TCP

                                                                                                                                                                                                  Network Port Distribution

                                                                                                                                                                                                  TCP Packets

                                                                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                  Dec 26, 2024 13:20:57.525291920 CET49701443192.168.2.7104.102.49.254
                                                                                                                                                                                                  Dec 26, 2024 13:20:57.525346994 CET44349701104.102.49.254192.168.2.7
                                                                                                                                                                                                  Dec 26, 2024 13:20:57.525418043 CET49701443192.168.2.7104.102.49.254
                                                                                                                                                                                                  Dec 26, 2024 13:20:57.557715893 CET49701443192.168.2.7104.102.49.254
                                                                                                                                                                                                  Dec 26, 2024 13:20:57.557739019 CET44349701104.102.49.254192.168.2.7
                                                                                                                                                                                                  Dec 26, 2024 13:20:59.486769915 CET44349701104.102.49.254192.168.2.7
                                                                                                                                                                                                  Dec 26, 2024 13:20:59.487086058 CET49701443192.168.2.7104.102.49.254
                                                                                                                                                                                                  Dec 26, 2024 13:20:59.490951061 CET49701443192.168.2.7104.102.49.254
                                                                                                                                                                                                  Dec 26, 2024 13:20:59.490972996 CET44349701104.102.49.254192.168.2.7
                                                                                                                                                                                                  Dec 26, 2024 13:20:59.491292000 CET44349701104.102.49.254192.168.2.7
                                                                                                                                                                                                  Dec 26, 2024 13:20:59.540115118 CET49701443192.168.2.7104.102.49.254
                                                                                                                                                                                                  Dec 26, 2024 13:20:59.591011047 CET49701443192.168.2.7104.102.49.254
                                                                                                                                                                                                  Dec 26, 2024 13:20:59.631341934 CET44349701104.102.49.254192.168.2.7
                                                                                                                                                                                                  Dec 26, 2024 13:21:00.318344116 CET44349701104.102.49.254192.168.2.7
                                                                                                                                                                                                  Dec 26, 2024 13:21:00.318368912 CET44349701104.102.49.254192.168.2.7
                                                                                                                                                                                                  Dec 26, 2024 13:21:00.318407059 CET44349701104.102.49.254192.168.2.7
                                                                                                                                                                                                  Dec 26, 2024 13:21:00.318419933 CET49701443192.168.2.7104.102.49.254
                                                                                                                                                                                                  Dec 26, 2024 13:21:00.318423986 CET44349701104.102.49.254192.168.2.7
                                                                                                                                                                                                  Dec 26, 2024 13:21:00.318450928 CET44349701104.102.49.254192.168.2.7
                                                                                                                                                                                                  Dec 26, 2024 13:21:00.318473101 CET44349701104.102.49.254192.168.2.7
                                                                                                                                                                                                  Dec 26, 2024 13:21:00.318483114 CET49701443192.168.2.7104.102.49.254
                                                                                                                                                                                                  Dec 26, 2024 13:21:00.318496943 CET49701443192.168.2.7104.102.49.254
                                                                                                                                                                                                  Dec 26, 2024 13:21:00.318521976 CET49701443192.168.2.7104.102.49.254
                                                                                                                                                                                                  Dec 26, 2024 13:21:00.446367979 CET44349701104.102.49.254192.168.2.7
                                                                                                                                                                                                  Dec 26, 2024 13:21:00.446419954 CET44349701104.102.49.254192.168.2.7
                                                                                                                                                                                                  Dec 26, 2024 13:21:00.446465969 CET49701443192.168.2.7104.102.49.254
                                                                                                                                                                                                  Dec 26, 2024 13:21:00.446495056 CET44349701104.102.49.254192.168.2.7
                                                                                                                                                                                                  Dec 26, 2024 13:21:00.446517944 CET49701443192.168.2.7104.102.49.254
                                                                                                                                                                                                  Dec 26, 2024 13:21:00.458190918 CET44349701104.102.49.254192.168.2.7
                                                                                                                                                                                                  Dec 26, 2024 13:21:00.459295034 CET49701443192.168.2.7104.102.49.254
                                                                                                                                                                                                  Dec 26, 2024 13:21:00.487643003 CET49701443192.168.2.7104.102.49.254
                                                                                                                                                                                                  Dec 26, 2024 13:21:00.487685919 CET44349701104.102.49.254192.168.2.7

                                                                                                                                                                                                  UDP Packets

                                                                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                  Dec 26, 2024 13:20:55.591207981 CET6113853192.168.2.71.1.1.1
                                                                                                                                                                                                  Dec 26, 2024 13:20:55.731489897 CET53611381.1.1.1192.168.2.7
                                                                                                                                                                                                  Dec 26, 2024 13:20:55.759968042 CET5001053192.168.2.71.1.1.1
                                                                                                                                                                                                  Dec 26, 2024 13:20:55.904156923 CET53500101.1.1.1192.168.2.7
                                                                                                                                                                                                  Dec 26, 2024 13:20:55.906466007 CET5190453192.168.2.71.1.1.1
                                                                                                                                                                                                  Dec 26, 2024 13:20:56.043673038 CET53519041.1.1.1192.168.2.7
                                                                                                                                                                                                  Dec 26, 2024 13:20:56.045669079 CET6372853192.168.2.71.1.1.1
                                                                                                                                                                                                  Dec 26, 2024 13:20:56.189023018 CET53637281.1.1.1192.168.2.7
                                                                                                                                                                                                  Dec 26, 2024 13:20:56.194406033 CET6184553192.168.2.71.1.1.1
                                                                                                                                                                                                  Dec 26, 2024 13:20:56.332372904 CET53618451.1.1.1192.168.2.7
                                                                                                                                                                                                  Dec 26, 2024 13:20:56.356419086 CET6278053192.168.2.71.1.1.1
                                                                                                                                                                                                  Dec 26, 2024 13:20:56.492976904 CET53627801.1.1.1192.168.2.7
                                                                                                                                                                                                  Dec 26, 2024 13:20:56.554369926 CET5380453192.168.2.71.1.1.1
                                                                                                                                                                                                  Dec 26, 2024 13:20:56.698822975 CET53538041.1.1.1192.168.2.7
                                                                                                                                                                                                  Dec 26, 2024 13:20:56.734524965 CET4996353192.168.2.71.1.1.1
                                                                                                                                                                                                  Dec 26, 2024 13:20:56.872508049 CET53499631.1.1.1192.168.2.7
                                                                                                                                                                                                  Dec 26, 2024 13:20:56.968660116 CET5522153192.168.2.71.1.1.1
                                                                                                                                                                                                  Dec 26, 2024 13:20:57.108115911 CET53552211.1.1.1192.168.2.7
                                                                                                                                                                                                  Dec 26, 2024 13:20:57.321691036 CET5122053192.168.2.71.1.1.1
                                                                                                                                                                                                  Dec 26, 2024 13:20:57.462220907 CET53512201.1.1.1192.168.2.7

                                                                                                                                                                                                  DNS Queries

                                                                                                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                  Dec 26, 2024 13:20:55.591207981 CET192.168.2.71.1.1.10x8813Standard query (0)observerfry.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Dec 26, 2024 13:20:55.759968042 CET192.168.2.71.1.1.10x2b70Standard query (0)wordyfindy.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Dec 26, 2024 13:20:55.906466007 CET192.168.2.71.1.1.10x9ff5Standard query (0)slipperyloo.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Dec 26, 2024 13:20:56.045669079 CET192.168.2.71.1.1.10x93d8Standard query (0)manyrestro.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Dec 26, 2024 13:20:56.194406033 CET192.168.2.71.1.1.10x9bccStandard query (0)shapestickyr.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Dec 26, 2024 13:20:56.356419086 CET192.168.2.71.1.1.10x5377Standard query (0)talkynicer.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Dec 26, 2024 13:20:56.554369926 CET192.168.2.71.1.1.10x4417Standard query (0)curverpluch.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Dec 26, 2024 13:20:56.734524965 CET192.168.2.71.1.1.10x73d3Standard query (0)tentabatte.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Dec 26, 2024 13:20:56.968660116 CET192.168.2.71.1.1.10x3f89Standard query (0)bashfulacid.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Dec 26, 2024 13:20:57.321691036 CET192.168.2.71.1.1.10xebccStandard query (0)steamcommunity.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                  DNS Answers

                                                                                                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                  Dec 26, 2024 13:20:55.731489897 CET1.1.1.1192.168.2.70x8813Name error (3)observerfry.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Dec 26, 2024 13:20:55.904156923 CET1.1.1.1192.168.2.70x2b70Name error (3)wordyfindy.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Dec 26, 2024 13:20:56.043673038 CET1.1.1.1192.168.2.70x9ff5Name error (3)slipperyloo.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Dec 26, 2024 13:20:56.189023018 CET1.1.1.1192.168.2.70x93d8Name error (3)manyrestro.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Dec 26, 2024 13:20:56.332372904 CET1.1.1.1192.168.2.70x9bccName error (3)shapestickyr.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Dec 26, 2024 13:20:56.492976904 CET1.1.1.1192.168.2.70x5377Name error (3)talkynicer.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Dec 26, 2024 13:20:56.698822975 CET1.1.1.1192.168.2.70x4417Name error (3)curverpluch.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Dec 26, 2024 13:20:56.872508049 CET1.1.1.1192.168.2.70x73d3Name error (3)tentabatte.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Dec 26, 2024 13:20:57.108115911 CET1.1.1.1192.168.2.70x3f89Name error (3)bashfulacid.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Dec 26, 2024 13:20:57.462220907 CET1.1.1.1192.168.2.70xebccNo error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false

                                                                                                                                                                                                  HTTP Request Dependency Graph

                                                                                                                                                                                                  • steamcommunity.com

                                                                                                                                                                                                  HTTPS Proxied Packets

                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                  0192.168.2.749701104.102.49.2544436752C:\Users\user\Desktop\tJd3ArrDAm.exe
                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                  2024-12-26 12:20:59 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                  Host: steamcommunity.com
                                                                                                                                                                                                  2024-12-26 12:21:00 UTC1905INHTTP/1.1 200 OK
                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                  Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                  Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                  Date: Thu, 26 Dec 2024 12:20:59 GMT
                                                                                                                                                                                                  Content-Length: 25665
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Set-Cookie: sessionid=07c4f9c69cbde285546c103f; Path=/; Secure; SameSite=None
                                                                                                                                                                                                  Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                                                                                  2024-12-26 12:21:00 UTC14479INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e
                                                                                                                                                                                                  Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
                                                                                                                                                                                                  2024-12-26 12:21:00 UTC11186INData Raw: 3f 6c 3d 6b 6f 72 65 61 6e 61 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 6b 6f 72 65 61 6e 61 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e ed 95 9c ea b5 ad ec 96 b4 20 28 4b 6f 72 65 61 6e 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 74 68 61 69 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 68 61 69 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e0 b9 84 e0 b8 97 e0 b8 a2 20 28 54 68 61 69 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09
                                                                                                                                                                                                  Data Ascii: ?l=koreana" onclick="ChangeLanguage( 'koreana' ); return false;"> (Korean)</a><a class="popup_menu_item tight" href="?l=thai" onclick="ChangeLanguage( 'thai' ); return false;"> (Thai)</a>


                                                                                                                                                                                                  Statistics

                                                                                                                                                                                                  CPU Usage

                                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                                  Memory Usage

                                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                                  High Level Behavior Distribution

                                                                                                                                                                                                  Click to dive into process behavior distribution

                                                                                                                                                                                                  System Behavior

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:1
                                                                                                                                                                                                  Start time:07:20:53
                                                                                                                                                                                                  Start date:26/12/2024
                                                                                                                                                                                                  Path:C:\Users\user\Desktop\tJd3ArrDAm.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\tJd3ArrDAm.exe"
                                                                                                                                                                                                  Imagebase:0x60000
                                                                                                                                                                                                  File size:1'840'640 bytes
                                                                                                                                                                                                  MD5 hash:1D8CE7DE6C654DC070433C477ADC664F
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Disassembly

                                                                                                                                                                                                  Reset < >

                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                    Execution Coverage:0.6%
                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                    Signature Coverage:27.1%
                                                                                                                                                                                                    Total number of Nodes:59
                                                                                                                                                                                                    Total number of Limit Nodes:4
                                                                                                                                                                                                    execution_graph 21697 9ea29 21698 9ea50 21697->21698 21700 9ea8e 21698->21700 21704 9e110 LdrInitializeThunk 21698->21704 21703 9e110 LdrInitializeThunk 21700->21703 21702 9eb59 21703->21702 21704->21700 21705 9eb88 21706 9eba0 21705->21706 21709 9ebde 21706->21709 21712 9e110 LdrInitializeThunk 21706->21712 21707 9ec4e 21709->21707 21711 9e110 LdrInitializeThunk 21709->21711 21711->21707 21712->21709 21713 68600 21717 6860f 21713->21717 21714 68a48 ExitProcess 21715 68a31 21720 9e080 FreeLibrary 21715->21720 21717->21714 21717->21715 21719 6b7b0 FreeLibrary FreeLibrary 21717->21719 21719->21715 21720->21714 21721 9e760 21723 9e780 21721->21723 21722 9e7be 21723->21722 21725 9e110 LdrInitializeThunk 21723->21725 21725->21722 21731 b9c21 21732 b9fc9 VirtualAlloc 21731->21732 21733 b9fdd 21732->21733 21742 9e967 21743 9e980 21742->21743 21746 9e110 LdrInitializeThunk 21743->21746 21745 9e9ef 21746->21745 21747 6a369 21748 6a430 21747->21748 21748->21748 21751 6b100 21748->21751 21750 6a479 21752 6b190 21751->21752 21752->21752 21754 6b1b5 21752->21754 21755 9e0a0 21752->21755 21754->21750 21756 9e0c0 21755->21756 21757 9e0f3 21755->21757 21758 9e0d4 21755->21758 21760 9e0e8 21755->21760 21756->21757 21756->21758 21762 9c570 21757->21762 21761 9e0d9 RtlReAllocateHeap 21758->21761 21760->21752 21761->21760 21763 9c583 21762->21763 21764 9c585 21762->21764 21763->21760 21765 9c58a RtlFreeHeap 21764->21765 21765->21760 21766 69eb7 21769 9fe00 21766->21769 21770 69ec7 WSAStartup 21769->21770 21776 9c55c RtlAllocateHeap 21777 9679f 21778 967bc 21777->21778 21780 9682d 21778->21780 21781 9e110 LdrInitializeThunk 21778->21781 21781->21778 21782 69d1e 21783 69d40 21782->21783 21783->21783 21784 69d94 LoadLibraryExW 21783->21784 21785 69da5 21784->21785 21786 69e74 LoadLibraryExW 21785->21786 21787 69e85 21786->21787

                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                    Function 0006B100 Relevance: 19.2, Strings: 15, Instructions: 425COMMON
                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 0 6b100-6b18b 1 6b190-6b199 0->1 1->1 2 6b19b-6b1ae 1->2 4 6b4f6-6b4fd 2->4 5 6b414-6b4b7 call 67e30 2->5 6 6b4e4-6b4ef 2->6 7 6b1b5-6b1b7 2->7 8 6b4be-6b4c7 2->8 9 6b52f-6b538 2->9 10 6b1bc-6b3db 2->10 11 6b40b-6b40f 2->11 37 6b572-6b592 4->37 5->4 5->6 5->8 5->9 18 6b647-6b657 5->18 19 6b782 5->19 20 6b5e3-6b5f0 5->20 21 6b623-6b640 5->21 22 6b780 5->22 23 6b76f 5->23 24 6b66f-6b687 call 9fe00 5->24 25 6b748-6b76d 5->25 26 6b789 5->26 27 6b689-6b697 5->27 28 6b717-6b732 call 9e0a0 5->28 29 6b5f7-6b60e call 9fe00 5->29 30 6b792-6b79a 5->30 31 6b6f0-6b6f1 5->31 32 6b610-6b61e 5->32 33 6b65e-6b668 5->33 34 6b6fe-6b710 5->34 35 6b79f 5->35 36 6b69c-6b6b1 5->36 6->4 6->9 6->18 6->19 6->20 6->21 6->22 6->23 6->24 6->25 6->26 6->27 6->28 6->29 6->30 6->31 6->32 6->33 6->34 6->35 6->36 38 6b6df-6b6e6 7->38 16 6b4ce-6b4df 8->16 17 6b4ff-6b52a call 9fe00 8->17 13 6b540-6b56a 9->13 12 6b3e0-6b3eb 10->12 14 6b6d3-6b6dc 11->14 12->12 46 6b3ed-6b3f8 12->46 13->13 39 6b56c-6b56f 13->39 14->38 49 6b6c6-6b6d0 16->49 17->49 18->19 18->22 18->23 18->24 18->25 18->26 18->27 18->28 18->29 18->30 18->31 18->32 18->33 18->34 18->35 18->36 19->26 20->29 20->32 21->18 21->19 21->22 21->23 21->24 21->25 21->26 21->27 21->28 21->29 21->30 21->31 21->32 21->33 21->34 21->35 21->36 47 6b774-6b77a 23->47 24->27 25->47 26->30 44 6b7a2-6b7a9 27->44 55 6b737-6b741 28->55 29->32 30->31 53 6b6f8 31->53 42 6b6ba-6b6bd 32->42 33->24 33->27 33->29 33->32 34->19 34->22 34->23 34->24 34->25 34->26 34->27 34->28 34->29 34->32 34->35 35->44 36->42 40 6b5a0-6b5bd 37->40 39->37 40->40 52 6b5bf-6b5dc 40->52 42->49 44->42 62 6b3fb-6b404 46->62 47->22 49->14 52->18 52->19 52->20 52->21 52->22 52->23 52->24 52->25 52->26 52->27 52->28 52->29 52->30 52->31 52->32 52->33 52->34 52->35 52->36 53->34 55->19 55->22 55->23 55->24 55->25 55->26 55->27 55->29 55->32 55->35 62->4 62->5 62->6 62->8 62->9 62->11 62->18 62->19 62->20 62->21 62->22 62->23 62->24 62->25 62->26 62->27 62->28 62->29 62->30 62->31 62->32 62->33 62->34 62->35 62->36
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: (Y6[$.AtC$9]_$D!M#$Gq\s$Gu@w$S%U'$XyR{$Ym]o$b6j4$hI2K$k=W?$pE}G$yQrS$zMzO
                                                                                                                                                                                                    • API String ID: 0-620192811
                                                                                                                                                                                                    • Opcode ID: 77b0579f94abee88daba89e842922a2c0f9c2bae01b253d6698a810966debc1d
                                                                                                                                                                                                    • Instruction ID: 07a0b04c0f2fa28c2e48f1fcfc0208559639966a8bec35ab4918d27142f5ff3a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 77b0579f94abee88daba89e842922a2c0f9c2bae01b253d6698a810966debc1d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9D0246B1200F01DFE724CF25D891B9BBBE1BB46314F108A2CD5AA8BAA1D779A455CF50
                                                                                                                                                                                                    Function 00068600 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 356COMMON
                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 74 68600-68611 call 9d9a0 77 68617-6861e call 962a0 74->77 78 68a48-68a4f ExitProcess 74->78 81 68624-6864a 77->81 82 68a31-68a38 77->82 90 68650-6887f 81->90 91 6864c-6864e 81->91 83 68a43 call 9e080 82->83 84 68a3a-68a40 call 67f60 82->84 83->78 84->83 93 68880-688ce 90->93 91->90 93->93 94 688d0-6891d call 9c540 93->94 97 68920-68943 94->97 98 68964-6897c 97->98 99 68945-68962 97->99 101 68982-68a0b 98->101 102 68a0d-68a1b call 69d00 98->102 99->97 101->102 104 68a20-68a25 102->104 104->82 105 68a27-68a2c call 6cb90 call 6b7b0 104->105 105->82
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ExitProcess.KERNEL32(00000000), ref: 00068A4A
                                                                                                                                                                                                      • Part of subcall function 0006B7B0: FreeLibrary.KERNEL32(00068A31), ref: 0006B7B6
                                                                                                                                                                                                      • Part of subcall function 0006B7B0: FreeLibrary.KERNEL32 ref: 0006B7D7
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FreeLibrary$ExitProcess
                                                                                                                                                                                                    • String ID: b]u)$}$}
                                                                                                                                                                                                    • API String ID: 1614911148-2900034282
                                                                                                                                                                                                    • Opcode ID: 043d374693a8a9574e0492656efb08332531682a5c6d6cc2cef94886e8301ac5
                                                                                                                                                                                                    • Instruction ID: 57e5c96a48041bcc5b016625f7b66217020d590e96377c8576585a128eabb9f9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 043d374693a8a9574e0492656efb08332531682a5c6d6cc2cef94886e8301ac5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9DC1F873E187144BC718DF69C84125AF7D6ABC8710F0EC62DA898EB395EA74DC058BC2
                                                                                                                                                                                                    Function 0009E110 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 182 9e110-9e142 LdrInitializeThunk
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LdrInitializeThunk.NTDLL(000A148A,?,00000018,?,?,00000018,?,?,?), ref: 0009E13E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                                                                    • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                    • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
                                                                                                                                                                                                    Function 000A1720 Relevance: 1.4, Strings: 1, Instructions: 158COMMON
                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 184 a1720-a1741 185 a1750-a176b 184->185 185->185 186 a176d-a1779 185->186 187 a177b-a1785 186->187 188 a17e0-a17e5 186->188 189 a1790-a1797 187->189 190 a17eb-a17ff 188->190 191 a1879-a187b 188->191 192 a1799-a17a7 189->192 193 a17ad-a17b5 189->193 196 a1800-a181b 190->196 194 a188d-a1894 191->194 195 a187d-a1884 191->195 192->189 197 a17a9-a17ab 192->197 193->188 198 a17b7-a17d8 call 9e110 193->198 199 a188a 195->199 200 a1886 195->200 196->196 201 a181d-a1828 196->201 197->188 206 a17dd 198->206 199->194 200->199 203 a182a-a1832 201->203 204 a1871-a1873 201->204 207 a1840-a1847 203->207 204->191 205 a1875 204->205 205->191 206->188 208 a1849-a184c 207->208 209 a1850-a1856 207->209 208->207 210 a184e 208->210 209->204 211 a1858-a186e call 9e110 209->211 210->204 211->204
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                                                                    • String ID: =<32
                                                                                                                                                                                                    • API String ID: 2994545307-852023076
                                                                                                                                                                                                    • Opcode ID: ba39616d33a6eb39f9b3b047668dd767857779a6db449ce217b60e1d082a8d00
                                                                                                                                                                                                    • Instruction ID: 17813539bc3359c74662e57c45d127385d4b4305a9d148247ee7fbe763b3e22b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ba39616d33a6eb39f9b3b047668dd767857779a6db449ce217b60e1d082a8d00
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9F3127387083049BE7549A94DC91BBFB3E6EB86750F18852CE685572E1DB38DC409782
                                                                                                                                                                                                    Function 00069D1E Relevance: 3.1, APIs: 2, Instructions: 142libraryCOMMON
                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 136 69d1e-69d34 137 69d40-69d52 136->137 137->137 138 69d54-69d7e 137->138 139 69d80-69d92 138->139 139->139 140 69d94-69e13 LoadLibraryExW call 9d960 139->140 143 69e20-69e32 140->143 143->143 144 69e34-69e5e 143->144 145 69e60-69e72 144->145 145->145 146 69e74-69e80 LoadLibraryExW call 9d960 145->146 148 69e85-69e98 146->148
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000), ref: 00069D98
                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000), ref: 00069E78
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                                                                                    • Opcode ID: b2b01e7055bf640971637a23f0d6a991256cf57f411f134cb858c16ccd167949
                                                                                                                                                                                                    • Instruction ID: 57e441fd8eeecd55cc051dc6e4c7c877170990cf06b3d075cb5f8b73b449d450
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b2b01e7055bf640971637a23f0d6a991256cf57f411f134cb858c16ccd167949
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7741F074E003009FEB649F789992A9A7FB5EB07324F504298D4902F3E6C735940ACBE2
                                                                                                                                                                                                    Function 0009E0A0 Relevance: 1.5, APIs: 1, Instructions: 31memoryCOMMON
                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 161 9e0a0-9e0b1 162 9e0e8-9e0f1 call 9c540 161->162 163 9e0c0 161->163 164 9e0f3-9e0f4 call 9c570 161->164 165 9e0d4-9e0e6 call 9f990 RtlReAllocateHeap 161->165 166 9e0c6-9e0cd 161->166 173 9e0fe-9e100 162->173 163->166 171 9e0f9-9e0fc 164->171 165->173 166->164 166->165 171->173
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RtlReAllocateHeap.NTDLL(?,00000000), ref: 0009E0E0
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                                    • Opcode ID: 2b277e981d9087639183a439b9a0f8f9d62ab951614730bd3c1580cd6af03ee1
                                                                                                                                                                                                    • Instruction ID: 9b311d507b7f703627ca96336f22c53f0fff00a2ab00bde277883d17eedfe3dd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2b277e981d9087639183a439b9a0f8f9d62ab951614730bd3c1580cd6af03ee1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 76F0E532914612FBEB206F38BD05A9B3BA4EFC7720F060834F4009A121DF7CE8569591
                                                                                                                                                                                                    Function 00069EB7 Relevance: 1.5, APIs: 1, Instructions: 18networkCOMMON
                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 174 69eb7-69ef7 call 9fe00 WSAStartup
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • WSAStartup.WS2_32(00000202,?), ref: 00069ED2
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Startup
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 724789610-0
                                                                                                                                                                                                    • Opcode ID: be09f879c1f85bd20fdb52171c191a4770c85989d8ec205846daa804a4ded65d
                                                                                                                                                                                                    • Instruction ID: 3744ee03f4ce4e6893801f138fcd5ec09129bf07ee4e8d3c75072beb6b38b775
                                                                                                                                                                                                    • Opcode Fuzzy Hash: be09f879c1f85bd20fdb52171c191a4770c85989d8ec205846daa804a4ded65d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0DE02B33640A029BFB00DB34EC47E9D3356EB573427058428E105C5072EB769520DB10
                                                                                                                                                                                                    Function 0009C570 Relevance: 1.5, APIs: 1, Instructions: 15memoryCOMMON
                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 177 9c570-9c57c 178 9c583-9c584 177->178 179 9c585-9c597 call 9f990 RtlFreeHeap 177->179
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(?,00000000,?,0009E0F9), ref: 0009C590
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FreeHeap
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3298025750-0
                                                                                                                                                                                                    • Opcode ID: 8bb2611e4a4171f832e7ec9e12c212508fbe36a264ca68526acdeb9e001b59c4
                                                                                                                                                                                                    • Instruction ID: 0217138be2a8c591b574b924e6b830a54def7f51c1241636c7a2dc48fbe37c72
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8bb2611e4a4171f832e7ec9e12c212508fbe36a264ca68526acdeb9e001b59c4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 91D01231515532FBDA106F28BC05BD73B54DF49320F070891F404AA075C768EC91DAD4
                                                                                                                                                                                                    Function 0009C55C Relevance: 1.5, APIs: 1, Instructions: 5memoryCOMMON
                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 183 9c55c-9c568 RtlAllocateHeap
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(?,00000000), ref: 0009C561
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                                    • Opcode ID: f31975a96ba10b0a250b00d9d5077de1fdc4c0f3e4b142dbe1ef9f0518bfad7e
                                                                                                                                                                                                    • Instruction ID: 7144041fcb5a06c71646e0358f70ccf07d59634e37b04b944a028d2e9d1e87ac
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f31975a96ba10b0a250b00d9d5077de1fdc4c0f3e4b142dbe1ef9f0518bfad7e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36A00271184110DFEA562F24FC09FC47B21EB58721F134391F101590F6D775DC92DA84
                                                                                                                                                                                                    Function 000B9C21 Relevance: 1.3, APIs: 1, Instructions: 9memoryCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000), ref: 000B9FCB
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                                                                                    • Opcode ID: f4d1af0a239dbcc2eee5d1fc841ee765101dcec4fdaaaa4638345a898b40ff0e
                                                                                                                                                                                                    • Instruction ID: 745fd69de7192a9f3769ae20f6cbb49568dc815899fa32ca8d0f71d8ab35aaed
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4d1af0a239dbcc2eee5d1fc841ee765101dcec4fdaaaa4638345a898b40ff0e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8DD0C93440C20ECBCB046F7485082DD7AA0EF04322F210714A922C5EC1D7714C909A16

                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                    Function 000842D0 Relevance: 39.6, APIs: 2, Strings: 20, Instructions: 1129COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 000843AA
                                                                                                                                                                                                    • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 0008443E
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                    • String ID: +$e$+$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
                                                                                                                                                                                                    • API String ID: 237503144-1429676654
                                                                                                                                                                                                    • Opcode ID: b73373e71a3f14bbae7c9070039c8af2cffa58ae6b6c31da3fc5633829f29512
                                                                                                                                                                                                    • Instruction ID: 9a573d1c5fdd217cbcb60d0edd75f25f639cee16375635859219120cfb9d232d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b73373e71a3f14bbae7c9070039c8af2cffa58ae6b6c31da3fc5633829f29512
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 02C20DB560D3848AE334CF14C8527DFBAF2FB82304F00892DD5E96B255D7B5464A8B9B
                                                                                                                                                                                                    Function 00084560 Relevance: 36.1, APIs: 1, Strings: 19, Instructions: 1081COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: +$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
                                                                                                                                                                                                    • API String ID: 0-3233044194
                                                                                                                                                                                                    • Opcode ID: 8b8eb7b1b46c86d111b29bb596a12459c1a70e2a9c1661e55e86e682a978fd90
                                                                                                                                                                                                    • Instruction ID: 75722df521fe1d2ddb579c3691d1c6a16e0b61c55ccd0f7da67e6603dd43ba10
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b8eb7b1b46c86d111b29bb596a12459c1a70e2a9c1661e55e86e682a978fd90
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8BC21DB560C3848AE334CF54C852BDFBAF2FB82304F00892DD5E96B255D7B546498B9B
                                                                                                                                                                                                    Function 00099280 Relevance: 18.2, APIs: 2, Strings: 8, Instructions: 661COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FreeString
                                                                                                                                                                                                    • String ID: :;$%$=hn$Jtuj$O^$SB$b{tu$gd$t"j
                                                                                                                                                                                                    • API String ID: 3341692771-1335595022
                                                                                                                                                                                                    • Opcode ID: 04605fa8aecea4926fbcd62ae0d3c26cc91afbd0e72f4967b0dc799654cde5ec
                                                                                                                                                                                                    • Instruction ID: 5c82e0576dc3978994895ee1662651ed221a0494fecaf091fd0b9c84e093c335
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 04605fa8aecea4926fbcd62ae0d3c26cc91afbd0e72f4967b0dc799654cde5ec
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8F221276A183519BE710CF28C881B5BBBE2EFC5314F18892CF9D49B291DB75D845CB82
                                                                                                                                                                                                    Function 000760E9 Relevance: 17.1, Strings: 13, Instructions: 807COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: *,-"$3F&D$JyTK$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$L4$L4
                                                                                                                                                                                                    • API String ID: 0-2746398225
                                                                                                                                                                                                    • Opcode ID: f4307a137b0fcee36f6556b7954619a55d440cd2da4beec6396c9b12d1f82727
                                                                                                                                                                                                    • Instruction ID: ddbfe5cb8c5299b3e9c4c54ba6cfdb285e1e770316657a80d23167b992968982
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4307a137b0fcee36f6556b7954619a55d440cd2da4beec6396c9b12d1f82727
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 09422672A086518FD7258F24D8917AFB7E2BFD6304F19C53CD4DA87292DB3A9805CB42
                                                                                                                                                                                                    Function 00071227 Relevance: 16.5, APIs: 1, Strings: 8, Instructions: 750COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: )$+$>$@$F$L$[$`
                                                                                                                                                                                                    • API String ID: 0-4163809010
                                                                                                                                                                                                    • Opcode ID: 844bd31f5b08894a8745716e469e99a961a1f8d17ee40f84056dcfe1c9df4b20
                                                                                                                                                                                                    • Instruction ID: ddf1e466c82f72e0b83de97fbc901bab3b7114530c16a07eea8d91781d577f4a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 844bd31f5b08894a8745716e469e99a961a1f8d17ee40f84056dcfe1c9df4b20
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 12528171A0C7808BD3749B38C4957EEBBE2AB95320F198A2DD5DDC73C2D67889418B47
                                                                                                                                                                                                    Function 0007747D Relevance: 10.0, APIs: 4, Strings: 1, Instructions: 1238COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: _^]\
                                                                                                                                                                                                    • API String ID: 0-3116432788
                                                                                                                                                                                                    • Opcode ID: 8c747e558f4564161875726fbfb367f7682cf77106dbf2b5e75cf87a265be95d
                                                                                                                                                                                                    • Instruction ID: 43252e56ef28371500a1db0e2814496ce8def1128622a32cc829c68f046ddefa
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c747e558f4564161875726fbfb367f7682cf77106dbf2b5e75cf87a265be95d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C682367190C3518BD724CF28C8917ABB7E1FFC9354F198A6CE8D9972A5E7388801CB56
                                                                                                                                                                                                    Function 00069310 Relevance: 9.2, Strings: 7, Instructions: 431COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: ;"I$,6.2$A$FM$PTvu$WAg.$cbrn
                                                                                                                                                                                                    • API String ID: 0-3116088196
                                                                                                                                                                                                    • Opcode ID: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
                                                                                                                                                                                                    • Instruction ID: 74f02469e6613be369ade03a86722f436724083e1101f31231ca6e79a784748d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3FC1347160C3D54BD322CF6994A076BFFD29FD6210F084AACE4D51B386D275890ACB92
                                                                                                                                                                                                    Function 000881CC Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 593COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 000884BD
                                                                                                                                                                                                    • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 000885B4
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                    • String ID: LF7Y$_^]\
                                                                                                                                                                                                    • API String ID: 237503144-3688711800
                                                                                                                                                                                                    • Opcode ID: ede2a127207504151fa5bffaa9cbe33011e0ab606cbf1d633cd82eb945dd5c7b
                                                                                                                                                                                                    • Instruction ID: 0f49ccc926ede568cb1c2c506b532373cb8a93b421d196ec3eca4bf76d152902
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ede2a127207504151fa5bffaa9cbe33011e0ab606cbf1d633cd82eb945dd5c7b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F5220071A0C741DFE3249F28D88076EBBE2BFD6310F198A6CE5D9572A2D7349901CB52
                                                                                                                                                                                                    Function 000883D8 Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 542COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 000884BD
                                                                                                                                                                                                    • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 000885B4
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                    • String ID: LF7Y$_^]\
                                                                                                                                                                                                    • API String ID: 237503144-3688711800
                                                                                                                                                                                                    • Opcode ID: 4067d5fe684cbcbd930d5af0fd3294c86b325b05be8d4ebbf67220e6fc0cffa1
                                                                                                                                                                                                    • Instruction ID: 08a81f500da5ae6ee0c58cdde00e12a79671ce79e2e7f4670faaba6ff08108dd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4067d5fe684cbcbd930d5af0fd3294c86b325b05be8d4ebbf67220e6fc0cffa1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B212FF71A0C741DFE3249F28D88076EBBE1BFDA310F198A6CE5D9572A2D7349901CB52
                                                                                                                                                                                                    Function 000824E0 Relevance: 6.6, Strings: 5, Instructions: 304COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: "_,Y$.[TU$;GsA$=K0E$pCj]
                                                                                                                                                                                                    • API String ID: 0-1171452581
                                                                                                                                                                                                    • Opcode ID: 595a6f0208d1b4bc570536340da6dc9e4e372d31ddb255352b916a575cd1a2f2
                                                                                                                                                                                                    • Instruction ID: 8c97e6ecaad4499177797357e7424277ebf3b8862e54eab8c90cd0205c8dcbaa
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 595a6f0208d1b4bc570536340da6dc9e4e372d31ddb255352b916a575cd1a2f2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9D91F1B16083009BD720AF25C891B6BB7F5FF95318F18842CF9CA8B292E775D906C756
                                                                                                                                                                                                    Function 00078169 Relevance: 6.5, Strings: 5, Instructions: 299COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: 2h?n$7$SP$^`/4$gfff
                                                                                                                                                                                                    • API String ID: 0-3257051659
                                                                                                                                                                                                    • Opcode ID: 9bbfcdbbe53147b185b25593359739734100716cfba537a9c31ce5a969ef2fa0
                                                                                                                                                                                                    • Instruction ID: 0b311a4f4c36d4d1d3ade73715c9c513f7b001d6c9e9ad9bf7173ad869526f98
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9bbfcdbbe53147b185b25593359739734100716cfba537a9c31ce5a969ef2fa0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C0A15972A547508BD354CF28C8557AFB7E2FBC5314F19CA3DD489DB391EA3889028B85
                                                                                                                                                                                                    Function 001C60DE Relevance: 5.5, Strings: 4, Instructions: 471COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: A!;?$N$u$PQ $kJ;w
                                                                                                                                                                                                    • API String ID: 0-3395845343
                                                                                                                                                                                                    • Opcode ID: de2d7599f8f6207b7ee6ee2006f70a7af6ef219531a8325ccccba509d48d20d1
                                                                                                                                                                                                    • Instruction ID: 855c910e4b558d18b0473c8035bbe128313bc70c4de57a702aa979d85f0d76e5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: de2d7599f8f6207b7ee6ee2006f70a7af6ef219531a8325ccccba509d48d20d1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A6E1EEF3F146104BF3584D29DC9936AB692EBD4320F2B863D9B89977C5E87E5C058384
                                                                                                                                                                                                    Function 000891AE Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 186COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 000891DA
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                    • String ID: +Ku$wpq
                                                                                                                                                                                                    • API String ID: 237503144-1953850642
                                                                                                                                                                                                    • Opcode ID: 5c40b4503fbb6dfd76289ed5b769c2d6efa9027df9920e722e952457a3a4a855
                                                                                                                                                                                                    • Instruction ID: 39c9e9af7aadccb3b246da108c4acfd4f128dfcc732eed476997a6183e894f99
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5c40b4503fbb6dfd76289ed5b769c2d6efa9027df9920e722e952457a3a4a855
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D151CE7221C3118FC324CF69984076FB7E2EBC5310F15892DE4EACB285DB74D50A8B92
                                                                                                                                                                                                    Function 000890D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 00089170
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                    • String ID: M/($M/(
                                                                                                                                                                                                    • API String ID: 237503144-1710806632
                                                                                                                                                                                                    • Opcode ID: acb544c89ce9a6af317de05afc9bc8affd6b054eb8721da7432d2b25a8fadc17
                                                                                                                                                                                                    • Instruction ID: ad429ed64dfc74247c990079379a65d19ea5c106e4fc7f0fa189989260fbaaf7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: acb544c89ce9a6af317de05afc9bc8affd6b054eb8721da7432d2b25a8fadc17
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CB21017165C3515BE714CE34988579BB7AAEBC2700F01892CA0D1AB1C5D679880B8792
                                                                                                                                                                                                    Function 0015D163 Relevance: 4.3, Strings: 3, Instructions: 522COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: $$SW$*>{v$Mf>}
                                                                                                                                                                                                    • API String ID: 0-3774531491
                                                                                                                                                                                                    • Opcode ID: 8b653c28a5f094e6db2fed4f0a144c38a0f893aa64073cf02ce56714c9c5cbbe
                                                                                                                                                                                                    • Instruction ID: dbd6f4355de059fe2b15e560161a66ab66a8b0b2ef345c113dd3fda1d516f67c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b653c28a5f094e6db2fed4f0a144c38a0f893aa64073cf02ce56714c9c5cbbe
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6002EFF3E146118BF3044E29DC9537AB792EB94320F2F853D9A89A77C4E93E9C058785
                                                                                                                                                                                                    Function 00221329 Relevance: 4.2, Strings: 2, Instructions: 1668COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: HBk]$W}j
                                                                                                                                                                                                    • API String ID: 0-2999627273
                                                                                                                                                                                                    • Opcode ID: 80977b85b83a6582a0beca6885bfaa50f8e1607a3018eb789dcc7b34b10a1b3c
                                                                                                                                                                                                    • Instruction ID: a937ee9ededc4b4df8947fb31a6911014efd64e26410acde62563dbd008ee9df
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 80977b85b83a6582a0beca6885bfaa50f8e1607a3018eb789dcc7b34b10a1b3c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C6B205F3A0C2009FE3046E2DEC8567ABBE5EF94720F1A493DE6C4C7744EA3598058697
                                                                                                                                                                                                    Function 0008A0CA Relevance: 4.1, Strings: 3, Instructions: 336COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: .txt$<\hX$_^]\
                                                                                                                                                                                                    • API String ID: 0-3117400391
                                                                                                                                                                                                    • Opcode ID: 80d415786046f18ab7384d3dd34e4d98d04033ee67e187c05feb3a7d712a390e
                                                                                                                                                                                                    • Instruction ID: c68b04d59fe391ce1ddc9bacc38de63311e25b41b91399fe6f5eec5fcb41aabc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 80d415786046f18ab7384d3dd34e4d98d04033ee67e187c05feb3a7d712a390e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7EC1017160C740DFE714EF28DC4166ABBE2BF86324F188A6DF0D9472A2D7399945CB12
                                                                                                                                                                                                    Function 0007D003 Relevance: 3.4, Strings: 2, Instructions: 883COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: [V$bh
                                                                                                                                                                                                    • API String ID: 0-2174178241
                                                                                                                                                                                                    • Opcode ID: 87cac58c1c288967e8f6e014a59d4dc1fe38add6b9bf5804743b7a1ddedadb4f
                                                                                                                                                                                                    • Instruction ID: d1eac5181e233799b186712d27ad7e6b002932174159fb15ead0427eb1783cc1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 87cac58c1c288967e8f6e014a59d4dc1fe38add6b9bf5804743b7a1ddedadb4f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0F3227B1D01611CBCB24CF28C8916B7B7F1FFA5310F18C259D89A6B391E739A942CB95
                                                                                                                                                                                                    Function 001144B8 Relevance: 3.0, Strings: 2, Instructions: 504COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: c$Q[
                                                                                                                                                                                                    • API String ID: 0-3294714420
                                                                                                                                                                                                    • Opcode ID: d909aa946b65c0aa9b770b74148e25ca3924345f26244c69efa3e20c006f7813
                                                                                                                                                                                                    • Instruction ID: de771ab4931383510ace075de938009d4cb78d982645d0ba9f9619c64231c082
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d909aa946b65c0aa9b770b74148e25ca3924345f26244c69efa3e20c006f7813
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4902BFF3E146108BF3585E38CC99366BAD2EB94320F2B463C8B89977C4D97E5D098785
                                                                                                                                                                                                    Function 00167225 Relevance: 2.9, Strings: 2, Instructions: 406COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: W}O\$`gJ
                                                                                                                                                                                                    • API String ID: 0-2776593548
                                                                                                                                                                                                    • Opcode ID: 3530732175f21c6b519e5829dc1f1d39c348111e8e67483711d0989059fbc096
                                                                                                                                                                                                    • Instruction ID: 5e9e90fb61445db3be955d7bfbcf53a22a8835bf913333791d6fd4e390cb8df8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3530732175f21c6b519e5829dc1f1d39c348111e8e67483711d0989059fbc096
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1CD104F3E156244BF3444E28DD99366B692EB94320F2F823CDE58AB7C5E93E5D0942C4
                                                                                                                                                                                                    Function 00064270 Relevance: 2.8, Strings: 2, Instructions: 329COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: )$IEND
                                                                                                                                                                                                    • API String ID: 0-707183367
                                                                                                                                                                                                    • Opcode ID: 221e61a976dcdcadcec6ed02b6b8640947a3a5c2c82732504d1713c10baae807
                                                                                                                                                                                                    • Instruction ID: e9d37256e9fb8c28327da90e68c2cb1a988a4ac968f95a6c9632ef91661d0916
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 221e61a976dcdcadcec6ed02b6b8640947a3a5c2c82732504d1713c10baae807
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2D1CFB19083449FD720CF18D841B9FBBE1AB95308F14492DF9999B382D7B5E908CB82
                                                                                                                                                                                                    Function 0010E3A5 Relevance: 2.8, Strings: 2, Instructions: 325COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: -,$-,
                                                                                                                                                                                                    • API String ID: 0-1076814357
                                                                                                                                                                                                    • Opcode ID: 2936572450135d46f2ba03ed611351b70ac9cfe6ba8945636e1aeb8512e4806a
                                                                                                                                                                                                    • Instruction ID: de3501a65180119b8e39de6671bafd2d72e99953975edd0d9a91af14df75409b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2936572450135d46f2ba03ed611351b70ac9cfe6ba8945636e1aeb8512e4806a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 25B1BAB3F2162647F3584839CD593A26583DBD5320F2F82788F98ABBC9DC7D4D0A5284
                                                                                                                                                                                                    Function 0012E473 Relevance: 1.8, Strings: 1, Instructions: 501COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: $1bO
                                                                                                                                                                                                    • API String ID: 0-2585083382
                                                                                                                                                                                                    • Opcode ID: adcf7fa2f7ddaa3e7ace1b9f9970f20e6e87ce9b1b99e37235cd8769300b7b3f
                                                                                                                                                                                                    • Instruction ID: edc4e45fdcb8c85a77e37a6daebbb5817c5fe03fd6f86b3fd794d328e61c9c9c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: adcf7fa2f7ddaa3e7ace1b9f9970f20e6e87ce9b1b99e37235cd8769300b7b3f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 47F1E1B3F142204BF3444D38DD58366B696EB94710F2B823DDE88AB7C8E97D5D098785
                                                                                                                                                                                                    Function 000EC302 Relevance: 1.7, Strings: 1, Instructions: 473COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: 'K{_
                                                                                                                                                                                                    • API String ID: 0-1467074274
                                                                                                                                                                                                    • Opcode ID: bbae6ada5c6bdcaf29d0ac2ed311e4b3a0fb415b0e72780aaf3c0ccd712180f2
                                                                                                                                                                                                    • Instruction ID: ac7d2bbc225ba8398bb247a6f3c5a65ea36a93e408f64777b8ac1f04fbfd1e5d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bbae6ada5c6bdcaf29d0ac2ed311e4b3a0fb415b0e72780aaf3c0ccd712180f2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D2F19EF3E012214BF3545929DD98366B693EBD4320F2F82389F98A77C5E97E5D0A4384
                                                                                                                                                                                                    Function 0008D17D Relevance: 1.7, APIs: 1, Instructions: 152COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(1A11171A), ref: 0008D2A4
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FreeLibrary
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3664257935-0
                                                                                                                                                                                                    • Opcode ID: 3087fd2b4e368c34fc41167d4169dc6276fbcc755ddf1196d895ca0b97cab23b
                                                                                                                                                                                                    • Instruction ID: b0768190451c59b45a130fb8b426f3ee199767bc877c514c2a3ed8978f426cb4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3087fd2b4e368c34fc41167d4169dc6276fbcc755ddf1196d895ca0b97cab23b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E641C0706043829BE3559B34C9A0F62BFE1FF67314F28869CE5DA4B3A3D62598068B51
                                                                                                                                                                                                    Function 0008D34A Relevance: 1.6, Strings: 1, Instructions: 398COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: ><+
                                                                                                                                                                                                    • API String ID: 0-2918635699
                                                                                                                                                                                                    • Opcode ID: 64b194b26c116fb17eddd3f6203b0ad90720f50c12ba1f560d87c92ada76f052
                                                                                                                                                                                                    • Instruction ID: 63f8c3189c1bdea3fe8a2dfd2d626234e0b31962524ee4ed1382998010189274
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 64b194b26c116fb17eddd3f6203b0ad90720f50c12ba1f560d87c92ada76f052
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9CC1C575604B418FD725CF29C490762FBE2BF9A314F18869EC4DA8B792D735E806CB50
                                                                                                                                                                                                    Function 0008B170 Relevance: 1.6, Strings: 1, Instructions: 396COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: "
                                                                                                                                                                                                    • API String ID: 0-123907689
                                                                                                                                                                                                    • Opcode ID: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
                                                                                                                                                                                                    • Instruction ID: 04fb2cd9ff39839438b8df95a6c37052417476ff2839e9efc4b65c474159ab95
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F2C118B2A087045BD725AE24C4917AFB7E5BF85310F1C892DE8D98B392E734ED44C792
                                                                                                                                                                                                    Function 0010D0D6 Relevance: 1.6, Strings: 1, Instructions: 334COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: g
                                                                                                                                                                                                    • API String ID: 0-30677878
                                                                                                                                                                                                    • Opcode ID: cafe368b6fa8935f22734953100ea21425d5f3e9e55f4b94c3551b32bfba32b1
                                                                                                                                                                                                    • Instruction ID: 6b65b28157a3566194ba5a0b7df96702fe03ca85899cf4a8b56232fca07330c8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cafe368b6fa8935f22734953100ea21425d5f3e9e55f4b94c3551b32bfba32b1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 38B19BB3F115214BF3644938CCA83A67683DB95321F2F82788E8D6BBC5D97E5D0A5384
                                                                                                                                                                                                    Function 0015B049 Relevance: 1.5, Strings: 1, Instructions: 295COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: %
                                                                                                                                                                                                    • API String ID: 0-2567322570
                                                                                                                                                                                                    • Opcode ID: 1d5b2ce9125b22064292945aa7287aea8f15f7b50326b3324a85caa9b4c289cc
                                                                                                                                                                                                    • Instruction ID: 81a4f8b7523efe502312013877b09c00a0d8ada1001a08eb39cb88ce5f177154
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1d5b2ce9125b22064292945aa7287aea8f15f7b50326b3324a85caa9b4c289cc
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 85A1BEB3F116254BF3544979CC983A26683DBD0325F2F82388F58ABBC5D87E9D0A5384
                                                                                                                                                                                                    Function 0019B116 Relevance: 1.5, Strings: 1, Instructions: 290COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: 2
                                                                                                                                                                                                    • API String ID: 0-450215437
                                                                                                                                                                                                    • Opcode ID: 8a604f65bcf6fec2ed57e26e3f08e6d153ce2b45b92b4606f65d2d8528a28fce
                                                                                                                                                                                                    • Instruction ID: e95810ae6695c2f0d1a7382b2a88b59da6cabbe436c876e3db2ec37401341555
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8a604f65bcf6fec2ed57e26e3f08e6d153ce2b45b92b4606f65d2d8528a28fce
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DCA167B3F1212547F3544D69CC983A2A683DBD1315F2F82788E886BBC9E93E5D0A53C4
                                                                                                                                                                                                    Function 0016311E Relevance: 1.5, Strings: 1, Instructions: 286COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: %
                                                                                                                                                                                                    • API String ID: 0-2567322570
                                                                                                                                                                                                    • Opcode ID: 3d41f30364b2dd56ba3b37c0be47768b5af3aac8d910d7aa4a04d8af11bbac4d
                                                                                                                                                                                                    • Instruction ID: f133c9255db9577df6cbeb10676bc7f074483e7e3f90ee370138e41ff98947d0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3d41f30364b2dd56ba3b37c0be47768b5af3aac8d910d7aa4a04d8af11bbac4d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 52A189B7F115254BF3540968CD583A66683DBD1321F2F82788E4C6BBC9D87E9D0943C4
                                                                                                                                                                                                    Function 0014A273 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: G
                                                                                                                                                                                                    • API String ID: 0-985283518
                                                                                                                                                                                                    • Opcode ID: e52f625dcf90eb05d9567e370e0fa80ce1a14987ec0ccf78a26e4bec0569f870
                                                                                                                                                                                                    • Instruction ID: 7fa1fee4bc32544a7336810c06a9b6862d355d6b2a6ea91cde28c9fe5acba03b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e52f625dcf90eb05d9567e370e0fa80ce1a14987ec0ccf78a26e4bec0569f870
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BD918BB3F1162547F3544979CC983627682DB95320F2F42388F4CABBC6E97E9E065288
                                                                                                                                                                                                    Function 00087440 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                                                                    • String ID: _^]\
                                                                                                                                                                                                    • API String ID: 2994545307-3116432788
                                                                                                                                                                                                    • Opcode ID: 18828a6aff8cf1ed2627b896b51e14f6d9f42efe61a4b40ce27b50b35e523f07
                                                                                                                                                                                                    • Instruction ID: 9a45d4964f5af9ed72242f4956c613f006077d93cbcf0d2c32030ca58d15a358
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 18828a6aff8cf1ed2627b896b51e14f6d9f42efe61a4b40ce27b50b35e523f07
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4D710971A0C7005BE764AA28DC92A7B76E1FF82318F28853CE5DA87296E374DC059752
                                                                                                                                                                                                    Function 000C624C Relevance: 1.5, Strings: 1, Instructions: 259COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: 3h_
                                                                                                                                                                                                    • API String ID: 0-2750673346
                                                                                                                                                                                                    • Opcode ID: 339685ff8e0cfda018eb89d53ac69f12eb07e95160f02c4181a714d551d0a955
                                                                                                                                                                                                    • Instruction ID: 295bf68ff9bd13d573c9dd2f8822b1af4bdf8e7e5f6c97ec17f66a0001ef1779
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 339685ff8e0cfda018eb89d53ac69f12eb07e95160f02c4181a714d551d0a955
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6791ACB3F1152547F3544D29CCA8362B682DB94324F2F42788E9C6B7C5D97E2D0A97C4
                                                                                                                                                                                                    Function 001A0494 Relevance: 1.5, Strings: 1, Instructions: 252COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: ew6
                                                                                                                                                                                                    • API String ID: 0-3397874197
                                                                                                                                                                                                    • Opcode ID: d4d3ed1b609e978527befb891b7a9ca1a30c85d7a5b34a226da1a87e3123886e
                                                                                                                                                                                                    • Instruction ID: 8b2c2e57fe1f13cb068490e64d0e8975bb1f7f6519d2969fcfbb624a6a64afbd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d4d3ed1b609e978527befb891b7a9ca1a30c85d7a5b34a226da1a87e3123886e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2081DCB7E012354BF3544D78CC98362B692AB95320F2F42788E9CAB7C5D97E6D0997C0
                                                                                                                                                                                                    Function 0008C53C Relevance: 1.5, Strings: 1, Instructions: 252COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: x|*H
                                                                                                                                                                                                    • API String ID: 0-3309880273
                                                                                                                                                                                                    • Opcode ID: 6b78b214b34cfb244530ccca10c3315d9768ef26736cc6d744f6be93c006d01c
                                                                                                                                                                                                    • Instruction ID: 2107ecc46739522cf8105b417af90fde92fea9643db20f8538922f2e5a94e3ec
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6b78b214b34cfb244530ccca10c3315d9768ef26736cc6d744f6be93c006d01c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D87105706047818FE769CF39C4A0B62BBE2BF56304F18C4ADD5D78B797D63598058720
                                                                                                                                                                                                    Function 0006D021 Relevance: 1.5, Strings: 1, Instructions: 232COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: _^]\
                                                                                                                                                                                                    • API String ID: 0-3116432788
                                                                                                                                                                                                    • Opcode ID: c5a4e1686fcf083a05829dfa64090029393b4f5585243bd708fef98df3532c76
                                                                                                                                                                                                    • Instruction ID: a04465363a6a2d7b9478f3d2afb80f03a7d9ec2537de6f8f7162d94c03d1edf5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c5a4e1686fcf083a05829dfa64090029393b4f5585243bd708fef98df3532c76
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EA510F70B45A008FE7B4CF29D8D0A76B7E3EB56714B19882ED597876A2C271BC02CB51
                                                                                                                                                                                                    Function 0008C0E6 Relevance: 1.5, Strings: 1, Instructions: 228COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: N&
                                                                                                                                                                                                    • API String ID: 0-3274356042
                                                                                                                                                                                                    • Opcode ID: 67502047ca4354f4a19f350741354e5df449a3afc41484616121296779bac74a
                                                                                                                                                                                                    • Instruction ID: da76107633383b80abdde38d9ccd837d0994795a2d50df94f4c3ce8924b2c4fd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 67502047ca4354f4a19f350741354e5df449a3afc41484616121296779bac74a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0551E821614B804BEB29CB3A88517B7BBE3BBD7314B5C969DC4D7C7686CA3CE4068710
                                                                                                                                                                                                    Function 0008C09E Relevance: 1.5, Strings: 1, Instructions: 217COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: N&
                                                                                                                                                                                                    • API String ID: 0-3274356042
                                                                                                                                                                                                    • Opcode ID: 2ebaf1d01a698b64360df59d759d9aca91d747664353089e81812196065923f6
                                                                                                                                                                                                    • Instruction ID: 822d06dcd91c96ed9c0865512c9e58af3552c9e7f51fd37dd4040d1850c13f46
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2ebaf1d01a698b64360df59d759d9aca91d747664353089e81812196065923f6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B510925614B804AEB29CB3A88507B37BE3BFD7310F5C969DC4D7D7A86CA3C94068720
                                                                                                                                                                                                    Function 000A1160 Relevance: 1.4, Strings: 1, Instructions: 167COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                    • API String ID: 0-2766056989
                                                                                                                                                                                                    • Opcode ID: c38b022d50efc28f74ecbb772cb9bba172d205e69c6f4c9a9d541a216c1e9d32
                                                                                                                                                                                                    • Instruction ID: afb1e8ca58cdea933be5ab9e08dd8b7deb67d3aa44a7b9d6cba6de4dd75041a2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c38b022d50efc28f74ecbb772cb9bba172d205e69c6f4c9a9d541a216c1e9d32
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B641F2B6A083109BDB14CF54CC56BBBBBE1FFD6354F188A1CE5855B2A0E3759904CB82
                                                                                                                                                                                                    Function 0008C465 Relevance: 1.4, Strings: 1, Instructions: 152COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: AB@|
                                                                                                                                                                                                    • API String ID: 0-3627600888
                                                                                                                                                                                                    • Opcode ID: c5936a091e8b6bac15ca0dec88a0a1a1a8b42663dd6ed814f96282b84c3d66ce
                                                                                                                                                                                                    • Instruction ID: dbc58ca9abdd4e75e815998e97f935b6ee50164e810dc3903652db56ad697c28
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c5936a091e8b6bac15ca0dec88a0a1a1a8b42663dd6ed814f96282b84c3d66ce
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B94103711046928FDB26CF39C8507B2BBF2FF97310B189699C0D28B296D738E845CB51
                                                                                                                                                                                                    Function 00088528 Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: _^]\
                                                                                                                                                                                                    • API String ID: 0-3116432788
                                                                                                                                                                                                    • Opcode ID: 24f867143b786814d8662bdade132b4ef0aa412987b1e7d4eb6c8a4224c70903
                                                                                                                                                                                                    • Instruction ID: fceefb3c7cb53ba8c96af421ec9d4911126f8d7d40696c8db1ad0de29b0df179
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 24f867143b786814d8662bdade132b4ef0aa412987b1e7d4eb6c8a4224c70903
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1C21DB7460C6009BD76C9B34C891A3B73E3FB86314F68952CD293526A5CB35D8028B45
                                                                                                                                                                                                    Function 000A0340 Relevance: 1.4, Strings: 1, Instructions: 103COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                    • API String ID: 2994545307-2766056989
                                                                                                                                                                                                    • Opcode ID: d8152d8357bc5225727905c21243fc3b462c3a4b9d8fa9b5ab51c86088671ad6
                                                                                                                                                                                                    • Instruction ID: 385b9cb3d43047a13fe5cb11ffcf21f8174f3d6d7fb1377dae15d77bfc93599d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d8152d8357bc5225727905c21243fc3b462c3a4b9d8fa9b5ab51c86088671ad6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AD31E3B16083089BD714DF58D8D167FBBE4FBCA314F14892CE69987290D7359948CB52
                                                                                                                                                                                                    Function 0008E180 Relevance: .7, Instructions: 710COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 031ed195fa556295278d872d6229fde86a617512ce169f2918d886ff4249ad67
                                                                                                                                                                                                    • Instruction ID: ee2fa56e75b1dbf294ce567f5219530b3e3a3d6a283d6b4f38a013862fb9670f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 031ed195fa556295278d872d6229fde86a617512ce169f2918d886ff4249ad67
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4B62B4F1515B019FD3A1CF69C881793BBE9BB8A310F14891EE1AED7311DB7469018FA2
                                                                                                                                                                                                    Function 000673D0 Relevance: .6, Instructions: 625COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
                                                                                                                                                                                                    • Instruction ID: 2b2aa872654b1baf1dff8c50ac3fc9f6a6d1f6dcbe6be7878ded6fb6b7ff1501
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EE22C331A0C7118BD735DF18D8806ABB3E2FFC4319F19892DD9CA97285D734A855CB92
                                                                                                                                                                                                    Function 0014B026 Relevance: .6, Instructions: 558COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 08bf8dd6f7ad98f8cf5219b7b53064ecafa864630361f2bf017b0527c6ec3074
                                                                                                                                                                                                    • Instruction ID: c1d08b14b6cccaf8275e2903d94b5d0a723fe26fba8a54d3ec6abdf86de9b105
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 08bf8dd6f7ad98f8cf5219b7b53064ecafa864630361f2bf017b0527c6ec3074
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B02D0F3F105204BF3144A29DC993A6B692DBD4324F2F863D9E88A77C5D87E5C0A42C5
                                                                                                                                                                                                    Function 001590AB Relevance: .5, Instructions: 486COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 2f527354bd20a4cb323982c11f15c4b2e24498cb832ae3d6f75f41b706fb4aa9
                                                                                                                                                                                                    • Instruction ID: 9d9ac9cdc5181e6d13b7abc7901a9d298a9cb0563bdcb126d343760ee3547ac2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2f527354bd20a4cb323982c11f15c4b2e24498cb832ae3d6f75f41b706fb4aa9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 72F1BCF3E146148BF3444E29DC9436AB6D2EBD0321F2B463C9E98973C0E97EAD058785
                                                                                                                                                                                                    Function 0014C4AC Relevance: .5, Instructions: 475COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: ad737b50c04bc0fcab2e763473836250997c741fb9ec785fe400fb5fde655679
                                                                                                                                                                                                    • Instruction ID: 058f4b4eda06cdad661e5ded20100731d90c16e4af8800e82afed4027ec8b464
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ad737b50c04bc0fcab2e763473836250997c741fb9ec785fe400fb5fde655679
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 48E124F3F156204BF3040E29DC94366BA92EBD5325F2F863DDA889B7C8D97D5C098280
                                                                                                                                                                                                    Function 001AC19F Relevance: .5, Instructions: 453COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 353f0c8eaf7531d8d7db2d9162030711d6d3614fddf76be9ad54a6fc6b698571
                                                                                                                                                                                                    • Instruction ID: bc694610e0798f218710efaffd2f683ffe3193017da4d7b848b26d542f03d4ec
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 353f0c8eaf7531d8d7db2d9162030711d6d3614fddf76be9ad54a6fc6b698571
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EAE1F5F3F152108BF3544E29DC88366B696EB95320F2F463CDA889B7C4D93E5C0A8785
                                                                                                                                                                                                    Function 0010F1B9 Relevance: .4, Instructions: 443COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: e69a12cd7f29328caf2a4d3a6fb8b52df7ac3c082b663689f60f59c12810f325
                                                                                                                                                                                                    • Instruction ID: 4170f15366d3dfb8d1d5a4eb2b6ce3248f17ba4e3f3c548d7657518262d3d613
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e69a12cd7f29328caf2a4d3a6fb8b52df7ac3c082b663689f60f59c12810f325
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D6E15AB3F5152807F7644469CD893A2598397E5314F2EC2B8CE886BFCEC9BE4C4B5284
                                                                                                                                                                                                    Function 0010F28F Relevance: .4, Instructions: 413COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: bd858786780e0949e46879dbb836df19498ef24d525fc4ea2ce3be6179975197
                                                                                                                                                                                                    • Instruction ID: ecd9c62ae108021bb5866e51db24c745a7e7811e46bce6dfaf69f2503cc184db
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bd858786780e0949e46879dbb836df19498ef24d525fc4ea2ce3be6179975197
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 62D17CB3F5152806F7644479CD893A2598397E5315F2EC2B8CE882BFCEC9BE4C4B5285
                                                                                                                                                                                                    Function 000CE4CE Relevance: .4, Instructions: 383COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 80ceeb2303040110bf914280624f4a9fc62e98a0b913999e96dde363deaae9f6
                                                                                                                                                                                                    • Instruction ID: dccd7e0062f270af2bb60360715397775c9ced4bf5bc6f396692c143edbd8946
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 80ceeb2303040110bf914280624f4a9fc62e98a0b913999e96dde363deaae9f6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 66D1BAB3F116254BF3544979CDA83626683DBD5324F2F82388F4C6BBC6D87E5D0A5284
                                                                                                                                                                                                    Function 0018818A Relevance: .4, Instructions: 382COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a557c811b30d156926100c2bccde012980af29e059c91ae9cb54163f46d3bc8d
                                                                                                                                                                                                    • Instruction ID: c16fbe15b3ed70c4764705dfba29084c3ad79f699a8a1064bf76cf000a3d4052
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a557c811b30d156926100c2bccde012980af29e059c91ae9cb54163f46d3bc8d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F6D178B3F1162547F3540978CCA83A266839BA4325F2F42788F5CAB7C5E97E9D0A52C4
                                                                                                                                                                                                    Function 00168460 Relevance: .4, Instructions: 378COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 9a1e94a247a04ddd4ad1407296a30b181b55b58ac428862a0aab8b16ccf4d61c
                                                                                                                                                                                                    • Instruction ID: ba265997600722ab7df6ddc6e7f278d1ac8cf675332c36a69744b7632124cbe0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a1e94a247a04ddd4ad1407296a30b181b55b58ac428862a0aab8b16ccf4d61c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C6D1AAF3E1162547F3544D68CD88362A6439BE4315F2F82788F4CAB7C9D97E9D0A92C4
                                                                                                                                                                                                    Function 0010A2B0 Relevance: .4, Instructions: 363COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 87531e18e136d73c3c52a9761bf4c9c7ad9abd3ce4df9d07d9b378a079222940
                                                                                                                                                                                                    • Instruction ID: 84185e1adf0703d58c25891674bdb7f26a2911a56278c6da87d43f7183d8f788
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 87531e18e136d73c3c52a9761bf4c9c7ad9abd3ce4df9d07d9b378a079222940
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 07C18BF7F1162447F3544839DC583A266839BE4325F2F82788EACAB7C5EC7E5D0A4284
                                                                                                                                                                                                    Function 000FC0C6 Relevance: .4, Instructions: 354COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 9e81d2fea51400dca2bb59073b6e98233edf8ed38300e55fd5d1197676c61678
                                                                                                                                                                                                    • Instruction ID: c19a11a5d1caeea69274e6ae04e87c9361301f7b9409dce868d2258c920bdba1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e81d2fea51400dca2bb59073b6e98233edf8ed38300e55fd5d1197676c61678
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2C1A8B3F116244BF3584938CC683A26682EB94324F2F82788F5DAB7C5D87E5D0A53C4
                                                                                                                                                                                                    Function 00115147 Relevance: .4, Instructions: 353COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 8bf2f9929d7796f42e21379106d93ad69707069b846d3fcc6a8b08a94177f151
                                                                                                                                                                                                    • Instruction ID: bd4287e793ebf34e8faeaa64f32e797cf5131262f524658265fb7870ab95c3f2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8bf2f9929d7796f42e21379106d93ad69707069b846d3fcc6a8b08a94177f151
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EDC19AB3F016254BF3540968CCA83A27693EB95324F2F42788E5CAB7C5D97E9C0A53C4
                                                                                                                                                                                                    Function 001CE54B Relevance: .4, Instructions: 352COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 4a8e16b0999c8aafb937576165cb5940927c122774b1e34e83affabd7d989c3f
                                                                                                                                                                                                    • Instruction ID: 7a52b68e580dceed1d41921d95546f341fe65aa77966976c72d19fdd820c5cf5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4a8e16b0999c8aafb937576165cb5940927c122774b1e34e83affabd7d989c3f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1C1ACB3F106254BF3944978DDA83A26582DBA5324F2F82788F5CAB7C6D87E5C0953C4
                                                                                                                                                                                                    Function 001623BF Relevance: .3, Instructions: 349COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a1db72e22e373ce3389442d6f6fcd3ba3125de9e64b7b6f0d1b23bf98f696ce3
                                                                                                                                                                                                    • Instruction ID: ef4996494782f93eba238f9df6efbc2800768d5a020752edb5e464ba62426a41
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a1db72e22e373ce3389442d6f6fcd3ba3125de9e64b7b6f0d1b23bf98f696ce3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4DC18EB3F516254BF39448B8CD983A26583DB95320F2F42388F5DAB7C6DC7E5D0A5284
                                                                                                                                                                                                    Function 000E7270 Relevance: .3, Instructions: 346COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: faa8815010021edaec6888f3aafcaf99d713d2bcc3d988ebd1054b632003c544
                                                                                                                                                                                                    • Instruction ID: 792e41279d176e1468b64332e1eef8a172d9947f761c0cd7d17f5fab0a10ab96
                                                                                                                                                                                                    • Opcode Fuzzy Hash: faa8815010021edaec6888f3aafcaf99d713d2bcc3d988ebd1054b632003c544
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 29C17AB3F116244BF3544929DC983A26683DBE4325F2F82388F5C6B7CAD8BE5C065384
                                                                                                                                                                                                    Function 001700A9 Relevance: .3, Instructions: 345COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 65f4c0730ac506c4b683d05a9136d4655abc7cbc468a6453efcc7d08e7f7f873
                                                                                                                                                                                                    • Instruction ID: 083af42099f11978c24cae0c4515b297a492cc42fd35fd8cb4833f975d966b6b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 65f4c0730ac506c4b683d05a9136d4655abc7cbc468a6453efcc7d08e7f7f873
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F7C178F3F116204BF3884968CDA83A266829B95325F2F82788F5C7B7C5D87E5C0A53C4
                                                                                                                                                                                                    Function 0015E2F3 Relevance: .3, Instructions: 344COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: d11db842968aad91caeb37fc27184ed75dfe2badaaaeca16692cb646116b1304
                                                                                                                                                                                                    • Instruction ID: f87f1fbd6581e2fcab085612312b1fcb80652564e922b18799e2d3ffeaeac7db
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d11db842968aad91caeb37fc27184ed75dfe2badaaaeca16692cb646116b1304
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F1C18AB7F116254BF3544839DD983A2658397E4325F3F82388E9C6B7C6EC7E5D0A4280
                                                                                                                                                                                                    Function 0007E220 Relevance: .3, Instructions: 337COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: cb7cd286a1fc0621dee10455d4ded65f3a2d65245b0bd6b401c27238c522390b
                                                                                                                                                                                                    • Instruction ID: 06784f11c4e75e03c7fdc533390798c247c67e976d88ff95931be62f85cfd9d8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cb7cd286a1fc0621dee10455d4ded65f3a2d65245b0bd6b401c27238c522390b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5EB11771904702AFDB208F24CC45B6ABBE2FFC9314F148A6DF498972A1DB769D14CB46
                                                                                                                                                                                                    Function 001BE26E Relevance: .3, Instructions: 332COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 82fa0e577380792043c236619f9d6751667661857aaba18ac3aceff30960514d
                                                                                                                                                                                                    • Instruction ID: ae2a669e5ca7eab1b183cf99765a19cc406924771e392c14d62203bac9e86421
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 82fa0e577380792043c236619f9d6751667661857aaba18ac3aceff30960514d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 09B1ABB3F115254BF3584838CD693A629839BD5324F2F83788E5DABBC5DC7E4D0A5284
                                                                                                                                                                                                    Function 00186126 Relevance: .3, Instructions: 331COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: e57d34042be555377b8ddf19e3513013ecf300f72c373a8703e3dacfb681aeac
                                                                                                                                                                                                    • Instruction ID: a079f3653027d71c8bfb4c54a3140d081970244c94fdca3126ae471bda631a0c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e57d34042be555377b8ddf19e3513013ecf300f72c373a8703e3dacfb681aeac
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 94B1CEB3F5162547F3684839CC683A265839BD5320F2F82798F5CABBC5DC7E5C0A5284
                                                                                                                                                                                                    Function 0010318A Relevance: .3, Instructions: 329COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b141459783006188c2e0e6d173d0ce249e22f915f49884452f3c7a77a1d26830
                                                                                                                                                                                                    • Instruction ID: 1bbef38000f80ad874a79e4382d6af1f1e5a07d00fd08a82c5b9e064e1a38b4f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b141459783006188c2e0e6d173d0ce249e22f915f49884452f3c7a77a1d26830
                                                                                                                                                                                                    • Instruction Fuzzy Hash: ABB1CBB3F115254BF3444938CCA83626683DB95321F2F82788F5CAB7C9D97E9D0A5384
                                                                                                                                                                                                    Function 001231D0 Relevance: .3, Instructions: 329COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 29e8cffae44eb81e36eaca886616697924e600115d2065e2958255796ed9c1a2
                                                                                                                                                                                                    • Instruction ID: f0d145d01996cab3a7575516e5fdc8be26613241d1786f69cff271c361e2f055
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 29e8cffae44eb81e36eaca886616697924e600115d2065e2958255796ed9c1a2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D4B19CF3F116244BF3544939DDA83626582DB94324F2F82788F9CAB7C9E87E5D0A52C4
                                                                                                                                                                                                    Function 001D0540 Relevance: .3, Instructions: 323COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a64b8be89e21c6f3406b55f7cdb10342b7916a4792e8a840ebbbdfe9aaa37bdc
                                                                                                                                                                                                    • Instruction ID: 83f4d62d6ed24b184f327ebc428f5c545aa272ad2549b6282ba3d250ec336b60
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a64b8be89e21c6f3406b55f7cdb10342b7916a4792e8a840ebbbdfe9aaa37bdc
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74B1BDB3F116254BF3544928CCA836266839BA5324F3F42788E6CAB7C5ED7E5D0953C0
                                                                                                                                                                                                    Function 00112075 Relevance: .3, Instructions: 322COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: c0b0a8a4cead1ce7492f698087f6e383e2530b62f52f89756ad1fcc5c6bc28d3
                                                                                                                                                                                                    • Instruction ID: aea099790937cb0e8603afab41addc7def85624d97496d003c0817a346cfa7c8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c0b0a8a4cead1ce7492f698087f6e383e2530b62f52f89756ad1fcc5c6bc28d3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CEB16AB3F5152147F3584839CC683A265839BD5324F3F42788E9D6B7C6DC7E5D0A5284
                                                                                                                                                                                                    Function 0011C16E Relevance: .3, Instructions: 322COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 9f452dc3e660d29db57659f80b218f4a39033273a6cd94fa3b9896a8f83f5a9a
                                                                                                                                                                                                    • Instruction ID: 8dda568a1fddedcaf3c4edb8bb5de551af0042dc493d74e5cd29629d53a3a225
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9f452dc3e660d29db57659f80b218f4a39033273a6cd94fa3b9896a8f83f5a9a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 78B16BB3F506254BF3584978CDA83A266839B94324F2F82788F4D6B7C5D8BE5D0A53C4
                                                                                                                                                                                                    Function 000F20CF Relevance: .3, Instructions: 320COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 69899946ebc52e4ef898dc45aa8cb41c048c31fe09f60ca9104a7b35cd3b4a9c
                                                                                                                                                                                                    • Instruction ID: 7aba5c1d3a245b339924dd298d307308d76d5f85d47344bf64ce67d77045aa35
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 69899946ebc52e4ef898dc45aa8cb41c048c31fe09f60ca9104a7b35cd3b4a9c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 59B1CEF3F506254BF3544978DC983622583DB95315F2F82388F58ABBC6E87E9C0A5384
                                                                                                                                                                                                    Function 0012818B Relevance: .3, Instructions: 317COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 3e4a6dac5814f4b400c857bbacc6559361ad4e2e8f050e7599dabe6ba180b209
                                                                                                                                                                                                    • Instruction ID: 5a5e9ca026e19cefd2c3ad89077f757ade9151a3766b39a9fa6f41564e316cda
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3e4a6dac5814f4b400c857bbacc6559361ad4e2e8f050e7599dabe6ba180b209
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E4B1ADF7F116254BF3540978CD983626682DBA5325F2F83388F68ABBC5D87E9C0952C4
                                                                                                                                                                                                    Function 001CC279 Relevance: .3, Instructions: 309COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 65562528f3764370f8462791953b83461e21d415bfb764ece853282207731ae5
                                                                                                                                                                                                    • Instruction ID: 28be985bf9548dccf7014c152e95b88d281c3394535831167588bfe1c49723f5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 65562528f3764370f8462791953b83461e21d415bfb764ece853282207731ae5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 49B180F3F5162247F3544978CD983A62683DB90725F2F82388F986BBC9D87E5D0A5384
                                                                                                                                                                                                    Function 0010C53D Relevance: .3, Instructions: 309COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 4125d3b65e13646d4232780dcac2faf24d2cc73046ed468cfc4f9387e6984872
                                                                                                                                                                                                    • Instruction ID: 21d329d5e908fe7eb8b41499e603b0ccec128af76dee5bd9cfe48c7438f9329b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4125d3b65e13646d4232780dcac2faf24d2cc73046ed468cfc4f9387e6984872
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 51B1ABB3F506254BF3544938CCA83A23683DB95324F2F42788F59AB7C5D97E9D0A9384
                                                                                                                                                                                                    Function 00158111 Relevance: .3, Instructions: 308COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 973420000a12fc622fa2a9ba30c29d40e2efadbe0407cf676c2b3201f6c17337
                                                                                                                                                                                                    • Instruction ID: 1b4561f1d4e57e23b09e453e68558822c53c32573cae729fc7e586eeaa8d6da9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 973420000a12fc622fa2a9ba30c29d40e2efadbe0407cf676c2b3201f6c17337
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 66B19AB3F112254BF3484A78CCA93727283EB94314F2F42788B599B7C5DD7E6D099288
                                                                                                                                                                                                    Function 001924FC Relevance: .3, Instructions: 307COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: bc06d49729c999f7cad5a3857f2ab9fd87f4a1bd6928d18da6c2baff75b50dda
                                                                                                                                                                                                    • Instruction ID: fe4ef38305e5bb5d56ebf0f699dacf46f776a9f75d796d4b7797ff096e3d5442
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bc06d49729c999f7cad5a3857f2ab9fd87f4a1bd6928d18da6c2baff75b50dda
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 34B16AF3F1122547F3584C39CD6936665839BA0325F2F823D8E5AAB7C9DC7E5D0A4284
                                                                                                                                                                                                    Function 0012711A Relevance: .3, Instructions: 306COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b46c9b20467b55467de8e27f15cf61d8b51be48473b604569bf603007f533640
                                                                                                                                                                                                    • Instruction ID: b252ec7ae61381fc9875dfbad41e461f1ae31b881839b76ceae4ea57c0e6d66f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b46c9b20467b55467de8e27f15cf61d8b51be48473b604569bf603007f533640
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5BB18CF3F1122547F3448969CD983626683EBD5311F2F82788E4CABBC9D97E9D0A5384
                                                                                                                                                                                                    Function 0019E1EE Relevance: .3, Instructions: 306COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a21e311f6428a34b832fb2aa2c731b444b0ea118f6a257ebe6a63353e9a0b340
                                                                                                                                                                                                    • Instruction ID: 2869e40c6307c5628cca31d66612e9a96f4102fa30b9b883d17df78f8fee252f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a21e311f6428a34b832fb2aa2c731b444b0ea118f6a257ebe6a63353e9a0b340
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 25B1ADF7F115214BF3484968CD683A26683EBE0325F2F82388F5D6B7C5E97E5D0A5284
                                                                                                                                                                                                    Function 0014F1CB Relevance: .3, Instructions: 305COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: d103f9da187bacad19a13ee51a8b48119551c4f9e1560f94bb9f962a9e755db2
                                                                                                                                                                                                    • Instruction ID: 2a8fe219e46db08cfa5db2a4cf5da26e431658424b9040641748232d1276c888
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d103f9da187bacad19a13ee51a8b48119551c4f9e1560f94bb9f962a9e755db2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F0A1AEB3F1152447F3484939CCA93626683EBD5325F2F82788F69AB7C9CC7D9D0A5284
                                                                                                                                                                                                    Function 0015324F Relevance: .3, Instructions: 304COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: c4a45d6d583b1cdfaac1ff460a9fcd71e81daabd24a12b42dd7b32766769060f
                                                                                                                                                                                                    • Instruction ID: 00f3b9f1c83cf6694f2c7cd822bebc0850d9b49ff563b1ce666fd9f28998bcfc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c4a45d6d583b1cdfaac1ff460a9fcd71e81daabd24a12b42dd7b32766769060f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FCA1BCF3F115244BF3444928DC983A27682DB95325F2F82788F5CAB7C5E97E5D0A9388
                                                                                                                                                                                                    Function 00066160 Relevance: .3, Instructions: 303COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
                                                                                                                                                                                                    • Instruction ID: 570310bfb8583a784a0bc2649ecc7791862fb736add04ac1e66f2cf034ace094
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36C16CB29187418FC370CF68CC86BABB7E1BF85318F08492DD1DAC6242E779A155CB46
                                                                                                                                                                                                    Function 0010618C Relevance: .3, Instructions: 302COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: d3acc297bd60d9c5b32dd29545125a323d95ab0a919ce78a2ac70faf1bc85e6b
                                                                                                                                                                                                    • Instruction ID: 43546a20e6a4aa1f2e718ce3f73d57685aee2152f9c83493c6a5a486b68dc683
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d3acc297bd60d9c5b32dd29545125a323d95ab0a919ce78a2ac70faf1bc85e6b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AAA1ACB3F516254BF3584C79CD983A2A68397D5321F2F83788E685B7C9DCBE5C0A4280
                                                                                                                                                                                                    Function 00132511 Relevance: .3, Instructions: 302COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: f0bb10cd84a7faaed396e236c9a5410e738189813811281e608a107366873b77
                                                                                                                                                                                                    • Instruction ID: 210f25f0165bb7b6a90d95eff84a109a7a1dd3b8c414431fb18783d3329cb7fb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f0bb10cd84a7faaed396e236c9a5410e738189813811281e608a107366873b77
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 40A1A7B7F116224BF3544978CD983626A839B91324F2F82788F4C6BBC9D97E5D0A53C4
                                                                                                                                                                                                    Function 0015731B Relevance: .3, Instructions: 301COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: ff3bc04c0809b86b7d611324b31eac334af5af264270571f1c37f185ef431b2c
                                                                                                                                                                                                    • Instruction ID: 76b72f8563d19057d7d94891c70e75af43bd35220bd2bee4847d37fbcbd8c86f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ff3bc04c0809b86b7d611324b31eac334af5af264270571f1c37f185ef431b2c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 02A1A9B3F116254BF3944E29DC983627293ABD5310F2F8278CA986B7C5DD3E5C0A9784
                                                                                                                                                                                                    Function 000E6482 Relevance: .3, Instructions: 297COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: cafa1c739aa3b514c75a2b3badea8500617462d28c7ac0847d2a6e68677a849c
                                                                                                                                                                                                    • Instruction ID: 851d6602a56567917fc67f9d21f42667c8cc3f61308135d537423e9a1551dc20
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cafa1c739aa3b514c75a2b3badea8500617462d28c7ac0847d2a6e68677a849c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F7A17CB3F2162547F3584929CCA83A26683DBD1325F2F823C8B895B7C9DD7E5D0A5284
                                                                                                                                                                                                    Function 0017D047 Relevance: .3, Instructions: 293COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 5f9b46892b1a42a29baccae5056c699fe6c837c5cd10c53a24a46c5c04df879c
                                                                                                                                                                                                    • Instruction ID: 11cd179de0f47854893bd3c6f326e6e9858226df750189494e84d337aa4cec16
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5f9b46892b1a42a29baccae5056c699fe6c837c5cd10c53a24a46c5c04df879c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A2A158B3F115244BF3484839CD683A265839BD1325F2F82788F5DABBC9D87E9D0A5284
                                                                                                                                                                                                    Function 001B4210 Relevance: .3, Instructions: 293COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: f23cfd63cd1be5a1c11a3bb0df04244d0e4870fc69b12f23d5f7776ec8f54b1f
                                                                                                                                                                                                    • Instruction ID: df2baf44ea0d5c898e24e4e6ceb6e615e505548060c5c0f448bf102ddf688d23
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f23cfd63cd1be5a1c11a3bb0df04244d0e4870fc69b12f23d5f7776ec8f54b1f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 52A1ADB3F116214BF3984969CC983B27682EB95314F2F42788F4DAB7C1DD7E9D099284
                                                                                                                                                                                                    Function 0012C49D Relevance: .3, Instructions: 292COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 0e4230fc0de10eec929fce401a0172c79f992943cda27839b48ffbe93fdb8dae
                                                                                                                                                                                                    • Instruction ID: a181a89a6a31a64eab6ff7070b1a2fa5d9906cf6d24f9b474e8166732c3b83c8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0e4230fc0de10eec929fce401a0172c79f992943cda27839b48ffbe93fdb8dae
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B7A177B7F015244BF3404A29CD583A27683ABD5325F3F82788B5C6B7C9D97EAC0A5784
                                                                                                                                                                                                    Function 000E80DF Relevance: .3, Instructions: 289COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 7fe35c10e2bdadf03a164017aedfeea3af4bb2dffd5d34bcd40409570ca08226
                                                                                                                                                                                                    • Instruction ID: 32ef13ac5ebd2e4d6cb1f92a32ef177bc2894a1d430412e7fba6f7a9886a3a60
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7fe35c10e2bdadf03a164017aedfeea3af4bb2dffd5d34bcd40409570ca08226
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CAA19CB3F5162547F3444938CDA83A66683DBD0324F2F823C8E59AB7C5E97E5D0A52C4
                                                                                                                                                                                                    Function 001C0113 Relevance: .3, Instructions: 288COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 6bc2ccd68c181b96557491929ddd1e2f5f60c07db4c34c121ef620693a4aea5d
                                                                                                                                                                                                    • Instruction ID: 9221bf90c796a6551677a5017b7790247a3fef55edbbe248d1c843fe4eb13e32
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6bc2ccd68c181b96557491929ddd1e2f5f60c07db4c34c121ef620693a4aea5d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F5A1AAB3F1163547F3544978CC983A2A6839BA5321F2F82788E5CAB7C5E87E9D0953C4
                                                                                                                                                                                                    Function 0015653C Relevance: .3, Instructions: 286COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 6eb30377c1302ad17deb0fb0261e74c08efbd84867d1cd4fb62cfe771a191e7c
                                                                                                                                                                                                    • Instruction ID: 98a632bbba9e58f2b67fd4e14e0610c5fabb81b5df8efcf97bbe2f185b05af47
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6eb30377c1302ad17deb0fb0261e74c08efbd84867d1cd4fb62cfe771a191e7c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F9A19CB3F216264BF3444D38CD993627682DB94325F3F42388F58AB7C5D97E9D0A5284
                                                                                                                                                                                                    Function 00138039 Relevance: .3, Instructions: 285COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 04268b709a1ce9182222b1cc07ad1b59df11cdba45a7a14fd3aa756c49bdb894
                                                                                                                                                                                                    • Instruction ID: f10074c78fd01d164ceaf0d52ecea065bb29f5166f64b9fb4d40849b95984d26
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 04268b709a1ce9182222b1cc07ad1b59df11cdba45a7a14fd3aa756c49bdb894
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 17A19CB3F216254BF3544939CC983A26683D7D5321F2F82788E5CAB7C5D87E9D0A5384
                                                                                                                                                                                                    Function 001BA3B0 Relevance: .3, Instructions: 285COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 2271f7a899a7ee3c39de1ccf3fa02a9bf68faacfef963bc717e2db7c59d5a299
                                                                                                                                                                                                    • Instruction ID: efd5af359bf847dd5a009083d72b1397f29ebf16f0eecd0ac886899357108e97
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2271f7a899a7ee3c39de1ccf3fa02a9bf68faacfef963bc717e2db7c59d5a299
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 39A19BB7F116254BF3444938CC983A26683EBD4324F3F82388E59AB7C5D97E9D0A5384
                                                                                                                                                                                                    Function 000E032F Relevance: .3, Instructions: 284COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: db3df714f0cb00db42055ce888fc1149962045806fea6fac587e3fe6e1ce5a0c
                                                                                                                                                                                                    • Instruction ID: 5bdf93eba3d939e58e5835447603c17be98df88c05119ecb15099fbbb8774459
                                                                                                                                                                                                    • Opcode Fuzzy Hash: db3df714f0cb00db42055ce888fc1149962045806fea6fac587e3fe6e1ce5a0c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 22A178F7F116254BF3584929CC683722683DBD5325F2F82788B8AAB7C5D83E5D0A5384
                                                                                                                                                                                                    Function 0018228D Relevance: .3, Instructions: 282COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 133f59c46eb25e3b0291f1d5fc786fd638d9677b1485424eae9357524c959a2e
                                                                                                                                                                                                    • Instruction ID: f46a64f422a0f4d738a1e64850d1a301f40559e6b5004ef9908c4391a5ed3df5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 133f59c46eb25e3b0291f1d5fc786fd638d9677b1485424eae9357524c959a2e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F2A1CDB3F205254BF3444D39CC983A27683DBD5311F2F86788B989BBC9D97DAD0A5284
                                                                                                                                                                                                    Function 001651F7 Relevance: .3, Instructions: 280COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 91d6a47cf667e898eb678d48fcbd31d60082a0103da861821f71a41e2e5836e6
                                                                                                                                                                                                    • Instruction ID: 33cecad76d7ef7904d3bce048520c932d35bbec8e157f61418c7195f2e1ad5cb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 91d6a47cf667e898eb678d48fcbd31d60082a0103da861821f71a41e2e5836e6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D4A17BB3F2163507F3940878CD983A266829B94325F2F82388F5CBB7C6D97E5D0952C4
                                                                                                                                                                                                    Function 0014306B Relevance: .3, Instructions: 278COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: ad4ac41a4d34385e62fc8c49d8d0b1502a28c5770856688f6af22cee8e10d52a
                                                                                                                                                                                                    • Instruction ID: 15073f60f383c62b469ec92c2903a4834a1426c353c3222dcd8d88b210901e12
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ad4ac41a4d34385e62fc8c49d8d0b1502a28c5770856688f6af22cee8e10d52a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6EA1CCB3E1122547F3584D38CDA83626692DB91320F3F42388E5C6B7C5D97E9D0A93C4
                                                                                                                                                                                                    Function 0010B088 Relevance: .3, Instructions: 278COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b7517d9d3a38445692de3fa78fd7aac9d07883675dd93bcd50b5974fb74833b6
                                                                                                                                                                                                    • Instruction ID: b7090192eb55dab27642929118009180b3a895a48b66bd8a99c9bdd335717f2b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b7517d9d3a38445692de3fa78fd7aac9d07883675dd93bcd50b5974fb74833b6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C09179B3F1122507F3480938CCA83B66683DB95315F2F827C8F596BBC9D97E5D0A5284
                                                                                                                                                                                                    Function 000DD156 Relevance: .3, Instructions: 277COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: ddb2373d8ec6e1809b47e15ffbd2c3119cfca112d536b822a684085298005670
                                                                                                                                                                                                    • Instruction ID: 3c9e85565834bde9c503c2c69f42c775e72d94ff8bc9627252c0e3e922463fe1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ddb2373d8ec6e1809b47e15ffbd2c3119cfca112d536b822a684085298005670
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 56A179B3F1162547F3980839CD583A6668297E5324F2F82788F5DABBC6D87E5D0A42C4
                                                                                                                                                                                                    Function 00124276 Relevance: .3, Instructions: 277COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 83bda99504f6b76716642fa2ab7c036cf0c73bb41f45bb5043ba16ea4ce30240
                                                                                                                                                                                                    • Instruction ID: 29d74c2fbf39a058a0e98c0251691099a5ecf81bf50925bdd557366071dbabc5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 83bda99504f6b76716642fa2ab7c036cf0c73bb41f45bb5043ba16ea4ce30240
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D91BAB3F111254BF3944938CC983A26683DBD5311F2F82788E5CABBC9D97E5E0A5384
                                                                                                                                                                                                    Function 00116448 Relevance: .3, Instructions: 277COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: dbeec55021877e2ab5cf8fd938a79a1fcf054b20ac3a14247a2096885e40a765
                                                                                                                                                                                                    • Instruction ID: fd5130dff70c4de7d431b7d4f4d9cfe0a102abdd3baa1930fa1cb8e9bd5ee8ae
                                                                                                                                                                                                    • Opcode Fuzzy Hash: dbeec55021877e2ab5cf8fd938a79a1fcf054b20ac3a14247a2096885e40a765
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FB918CF3F5162507F3944879CD583A265839BD4324F2F82788E9C6BBC6D87E5D0A52C4
                                                                                                                                                                                                    Function 000D00D5 Relevance: .3, Instructions: 276COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: aeedb3328116951f30d7dfd88aee80f833b6347f3b2a2811c374a745235d07a6
                                                                                                                                                                                                    • Instruction ID: d4259758e440594f644e00aa31909765441f3b9a2e84024b30294cd2d80e06c9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: aeedb3328116951f30d7dfd88aee80f833b6347f3b2a2811c374a745235d07a6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BA91CCB3F1162547F3480964CCA93A26683EB94324F2F81788F5D6B3C5ED7E9C4A5384
                                                                                                                                                                                                    Function 001AB25E Relevance: .3, Instructions: 276COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: eec0c11669b1988ec658d2803a898ae002150ee0b8a495d1cf3ab68b549fca4d
                                                                                                                                                                                                    • Instruction ID: 7eb2702e21527eab817a7bff87e4ef475e96ccc6b2c7a5e017f4d734a75ec045
                                                                                                                                                                                                    • Opcode Fuzzy Hash: eec0c11669b1988ec658d2803a898ae002150ee0b8a495d1cf3ab68b549fca4d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F791EAB3F516254BF3544979CC983A266839BE4324F3F42788E4C6B7C6E9BE5D0A52C0
                                                                                                                                                                                                    Function 0017C489 Relevance: .3, Instructions: 276COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: bee586cdfff317471113755a26c7c423550e377c3af3cd55927bd50bdf3d2573
                                                                                                                                                                                                    • Instruction ID: 816d3c6e2b417d1cf03802f9b383bd0f8627900c09a1a4398c3f963f1f6961d4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bee586cdfff317471113755a26c7c423550e377c3af3cd55927bd50bdf3d2573
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CAA1BAB3E112314BF3544D68CC583A6B692DB91320F2F82788E5CBBBC5D87E9D0942C8
                                                                                                                                                                                                    Function 0015249D Relevance: .3, Instructions: 275COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 1e700bb5d1836e9a8799bac49b5498a1760ffa6c6a53e7fad453a1ca6261a412
                                                                                                                                                                                                    • Instruction ID: 16e15212113f7f538d30dbd5e5cb502977977c8f014b75dd596d346f1acde2ad
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1e700bb5d1836e9a8799bac49b5498a1760ffa6c6a53e7fad453a1ca6261a412
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 87917DB7F116254BF3944878CC583A26582DBA5324F2F82788E9CAB7C5D87E9D0A53C4
                                                                                                                                                                                                    Function 000E603D Relevance: .3, Instructions: 274COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 61cb1c65a8fa6e4f85886a81b88070bfeef6c96fb2f65eac60085548e061c884
                                                                                                                                                                                                    • Instruction ID: 2e30ccb0b79366df31780b23faf9613a69215b9124355587d0ca6481c3522cfd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 61cb1c65a8fa6e4f85886a81b88070bfeef6c96fb2f65eac60085548e061c884
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 11A190B3F111258BF3444D39CC983A27693DBD1325F2F42788A58AB7C5D93EAD0A9784
                                                                                                                                                                                                    Function 0011404A Relevance: .3, Instructions: 274COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 241f1e6f6d31cc3a9b34a550e080c461b934d208c6707ad7724cb1f5177f3716
                                                                                                                                                                                                    • Instruction ID: 1c75f1f981f2492d4d08c8d1a90ea555eabf4aa2cb21aebff3cfa503520054d1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 241f1e6f6d31cc3a9b34a550e080c461b934d208c6707ad7724cb1f5177f3716
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6591ACB3F116254BF3544D29CC983A26683EBD1321F2F82788F986B7C5D93E5D0A9384
                                                                                                                                                                                                    Function 0017F2B1 Relevance: .3, Instructions: 274COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 05544f86f82847051c91164e63389dcdbce88baea9145f92c0483788fe461eb2
                                                                                                                                                                                                    • Instruction ID: d39af5fea2184156fe1ff344b595ab69c5c6ebdfd4c25e55b0e0e123f44ea95b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05544f86f82847051c91164e63389dcdbce88baea9145f92c0483788fe461eb2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 72919AF7F5062547F7884838CCA83666682D7A4324F2F823C8F5AAB7C5D83E5D065384
                                                                                                                                                                                                    Function 001180AF Relevance: .3, Instructions: 273COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 318d17f865243c3f4a0018aeab916d6f5e4880df92157d74c1e7f1f3bc3a8050
                                                                                                                                                                                                    • Instruction ID: 6198cffb079d3dcd733471b318fae78a55eb29b716ecc7ae1da8ded0746ad761
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 318d17f865243c3f4a0018aeab916d6f5e4880df92157d74c1e7f1f3bc3a8050
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FF91C0B3F116254BF3444D29DC983A27283DBE4325F2F81788E486B7C5E97E6C0A9384
                                                                                                                                                                                                    Function 000ED23C Relevance: .3, Instructions: 273COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 32c95e23bd4112374bba1a904f17d07290f8aa508a7fa55adedf17a96e3348a9
                                                                                                                                                                                                    • Instruction ID: d18ef3bcf236d568002676123f65563b8218ec580403e1a137a2176888be8002
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 32c95e23bd4112374bba1a904f17d07290f8aa508a7fa55adedf17a96e3348a9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A91BFF3F516244BF3484878DCA93666583D7A4310F2F82388F19AB7CADC7D9D095284
                                                                                                                                                                                                    Function 000F44F7 Relevance: .3, Instructions: 273COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 30963d789dd4aea5910ab8206c2278919de0e1421fba736a35c87d424cc5b9c0
                                                                                                                                                                                                    • Instruction ID: b8fb8a50dd8f73ba31b6bd7f9e9532eef1e2cb50109f888ce20fab7f48388020
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 30963d789dd4aea5910ab8206c2278919de0e1421fba736a35c87d424cc5b9c0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 949180F7F6162547F3544928CC983626683DBD5321F2F82388F58ABBC5D87E9D0A5384
                                                                                                                                                                                                    Function 001A83CE Relevance: .3, Instructions: 272COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b752b7db651384626a97773a82ba1f34c4d0cd0594b559a8d9b8bc031edb5c64
                                                                                                                                                                                                    • Instruction ID: 6055e7acaf41bc8cb029d203973d4e93b2cc1bfee66af85a52bd1d8c179eee1c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b752b7db651384626a97773a82ba1f34c4d0cd0594b559a8d9b8bc031edb5c64
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0691CAF7F516354BF3504969DC983A2B283DBA4310F2F02788E0CAB7C6D97E5D0A9284
                                                                                                                                                                                                    Function 0013B0EA Relevance: .3, Instructions: 271COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 89e989875a7871f94d55bc750a4bdb49e4aec5ff2e28ba69f2cd97af88a1c51d
                                                                                                                                                                                                    • Instruction ID: 355787218588679e2708bedc4ddcf42f30134ade560b746a4ca9208eab3efd74
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 89e989875a7871f94d55bc750a4bdb49e4aec5ff2e28ba69f2cd97af88a1c51d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 399178B3F112254BF3944D29CC98352B683DBD4314F2F82788E486B7C9E97E6D0A9784
                                                                                                                                                                                                    Function 000E4491 Relevance: .3, Instructions: 271COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 9bb6c2d91a0822c7af8d50f73618bcbf5a959c683bf80e819a442d738792f7e6
                                                                                                                                                                                                    • Instruction ID: 14fa1ee54fb53a621ea2749a1855b664f48d7c4470fe8ff9fd2ba457f03bc145
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9bb6c2d91a0822c7af8d50f73618bcbf5a959c683bf80e819a442d738792f7e6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0091BDB7F506214BF3444929CC983A67683DBD5311F2F82388F48AB7C5E97E9D0A9384
                                                                                                                                                                                                    Function 001320D2 Relevance: .3, Instructions: 270COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 76a47958335c2d1a74f7f023f9c38593067be96121bee52ba1f5bf17f2a06ce6
                                                                                                                                                                                                    • Instruction ID: 4c6837b9da13db63e10829881870281812a4fa059a0c79f60cafe6225a6224a0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 76a47958335c2d1a74f7f023f9c38593067be96121bee52ba1f5bf17f2a06ce6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E591ABB3F112254BF3544964CCA83A2B692EB95320F2F42788F5D6B3C5D97E2D0997C4
                                                                                                                                                                                                    Function 000DE162 Relevance: .3, Instructions: 270COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 8e9147da315bad6e7ad26faef362fadd6042128a12a4f3d95ffd4c3763234867
                                                                                                                                                                                                    • Instruction ID: 666c12a6f62db75cef3f47b1155ff6c90e26e5283005ef654717e274cd25eb48
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8e9147da315bad6e7ad26faef362fadd6042128a12a4f3d95ffd4c3763234867
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6191ACB3F5162547F3440839CC683A26683DBD1325F2F82788E99AB7C9D87E9D0A5384
                                                                                                                                                                                                    Function 0018E402 Relevance: .3, Instructions: 270COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 57dba653a19720da6a036d1fb633bca9d3e28c4d3544fb541142f9e78b13d17e
                                                                                                                                                                                                    • Instruction ID: 575e99cc4f3c0ae6b894df198f87d6cb6d319244dd9bdb36d79c26c8681604a4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 57dba653a19720da6a036d1fb633bca9d3e28c4d3544fb541142f9e78b13d17e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B7919DB7F106254BF3544938CC683626683DBE1314F2F81788F4DAB7C6E97E6C0A5284
                                                                                                                                                                                                    Function 000D6069 Relevance: .3, Instructions: 269COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 06782e746123ae3fcfc132e91984806a71b00bafef837508d803eb20ccc96763
                                                                                                                                                                                                    • Instruction ID: 90b56acfa2599d02d707b38bc5db2524cb5ee9dd5d5c3460774f18a1e3eca3e2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 06782e746123ae3fcfc132e91984806a71b00bafef837508d803eb20ccc96763
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A8919DB3F1162547F3804D28CD983627283EBD5325F2F82788A586B7C9DD3E9D0A9384
                                                                                                                                                                                                    Function 000CD256 Relevance: .3, Instructions: 266COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 78d80a570448711f54394e69e0b6d87896aa7275c5235f51e585a7fcbb748f84
                                                                                                                                                                                                    • Instruction ID: 2af263f7968b3f78b1933519104f3533e865b30ce657ebde50075dfe149bd84b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 78d80a570448711f54394e69e0b6d87896aa7275c5235f51e585a7fcbb748f84
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2991ACB3E116254BF3544D78CC98362B692AB90320F2F42788E5C6B7C5E97E5D0A9384
                                                                                                                                                                                                    Function 000F807F Relevance: .3, Instructions: 265COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 768e2dd79ae13dbad82afcc2d5176a2da331d99bfa011d88308cbee45db30df0
                                                                                                                                                                                                    • Instruction ID: eb79e782c2d125e9786f33680816283b36f36ac851873eb053620c1b46b067d4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 768e2dd79ae13dbad82afcc2d5176a2da331d99bfa011d88308cbee45db30df0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 409199B3F2162447F7544939DCA836266839BD5320F2F82788E6C6B7C6D87E5C0A53C4
                                                                                                                                                                                                    Function 00164240 Relevance: .3, Instructions: 265COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: c7203628ae92db85e899678e8dc30f11f83abc3c51cca99751aeb5ffdc23bc5b
                                                                                                                                                                                                    • Instruction ID: a49d0a507f5d2cad25a0648c926e30c2506ab9db8217261b5ddb552199c8f633
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c7203628ae92db85e899678e8dc30f11f83abc3c51cca99751aeb5ffdc23bc5b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A0919BF3F5162647F3444929CD983A26683DBD5325F2F82788F0CAB7C5D87E9D0A5288
                                                                                                                                                                                                    Function 0013442B Relevance: .3, Instructions: 263COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a87f2e476043b01a14fee14a5417b6375e09a8cc2441bb2de046281345ab9313
                                                                                                                                                                                                    • Instruction ID: c91bdd20ca23b2bbc61c457a4c19045eba75a79b20a5237a8ad2b6ccb0daaa0a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a87f2e476043b01a14fee14a5417b6375e09a8cc2441bb2de046281345ab9313
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 42919DB7F106244BF7484839DCA83627683DBA5314F2F423C8F59AB7C6D93E5D0A5284
                                                                                                                                                                                                    Function 001991D3 Relevance: .3, Instructions: 262COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 8cfaa91a910851be191294f2914b6206db06d76c7143c69c25f0a018a26794af
                                                                                                                                                                                                    • Instruction ID: e621ddf5e700f93f018c6f77fdc932f657cbc9202334ddd11d51c5e94288c5f5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8cfaa91a910851be191294f2914b6206db06d76c7143c69c25f0a018a26794af
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B8917CF3F2062547F3584D29DC983616243DBA5325F2F82788F5CAB7C5D97E9C0A9284
                                                                                                                                                                                                    Function 000DF269 Relevance: .3, Instructions: 261COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: dcac34852fd41fbed3c67157c7b8c937a4eeec246ad87e91787d818829f96b1b
                                                                                                                                                                                                    • Instruction ID: 07311f5d32bc4971c4f8f810e1fcb123b8d8828742bbc7fa9ff80840db9163f1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: dcac34852fd41fbed3c67157c7b8c937a4eeec246ad87e91787d818829f96b1b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8691A7B3F016254BF3548929DC68362A6839BD1324F2F82388F6D6B7C5ED3E5C4A5284
                                                                                                                                                                                                    Function 001A63E1 Relevance: .3, Instructions: 260COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 50a16c5db7540d737d18ae8fa0ee2f7dcf6ce3f6e944b9e4d27b95dfae75a707
                                                                                                                                                                                                    • Instruction ID: c11ad3d42e510992cc47a5aeb4d49aadbe7787d3fbe4c5816838c553c69fbfcd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 50a16c5db7540d737d18ae8fa0ee2f7dcf6ce3f6e944b9e4d27b95dfae75a707
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 449199B3F116254BF3544D39CC983626683DB94311F2F82788E98ABBCAD93E5D0A57C4
                                                                                                                                                                                                    Function 001C245D Relevance: .3, Instructions: 260COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 89429dbc29ef8d4572ba07add9f54ab771fdcc44bd77368353fe0106cf6427b4
                                                                                                                                                                                                    • Instruction ID: c754f6b3c13272748ea30afb38e07d1ae52d61c767d1717eaf0575fe963bf4d2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 89429dbc29ef8d4572ba07add9f54ab771fdcc44bd77368353fe0106cf6427b4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 89918AB3F115264BF3404928CC543A27293ABE5325F3F42788E4CAB7C4EA7E5D4A5784
                                                                                                                                                                                                    Function 000804C6 Relevance: .3, Instructions: 259COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
                                                                                                                                                                                                    • Instruction ID: 950591308a083116fe046abf853db327dc3ac172f4e1a1129022316a01deae23
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A1B16132618FC18AD325CA3D8855397BED25B97334F1C8B9DA1FA8B3E2D674A102C715
                                                                                                                                                                                                    Function 0016B038 Relevance: .3, Instructions: 257COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 1ef1d5946440087ca46339f72b4562e51db5fa98e6ec5ae439715a974fdd4eb4
                                                                                                                                                                                                    • Instruction ID: f5b7ff1a97e04c6b6546f9bb7c62efe306ac42bc24c59297502779e34d2b7f0e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1ef1d5946440087ca46339f72b4562e51db5fa98e6ec5ae439715a974fdd4eb4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D491BEB3F115254BF3444E29CCA83A27293DBE9320F2F41788A5C6B7C5E93E5C4A9784
                                                                                                                                                                                                    Function 001D22C8 Relevance: .3, Instructions: 257COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 615ccd333adc185eb9675ad6b171b0498e4024fff6b39b1a6bf8c262b7214880
                                                                                                                                                                                                    • Instruction ID: 6c245944086be90c3f44216405ecfa8d2a22444874c9223b9e5bce405bf8b6fb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 615ccd333adc185eb9675ad6b171b0498e4024fff6b39b1a6bf8c262b7214880
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CC918AB7F516254BF3104D28DC9836276839BD4325F3F42388E58AB7C5DA7E6D0A9384
                                                                                                                                                                                                    Function 0012503C Relevance: .3, Instructions: 255COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b7ef176b12c33681f6f2996cfd0f48feb08a219a1cc96374577154a0291ec26a
                                                                                                                                                                                                    • Instruction ID: 699de67c0aaeff7addf188de1cd61061dcc0ad4ac46c48eaeffdc8cf6119adaa
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b7ef176b12c33681f6f2996cfd0f48feb08a219a1cc96374577154a0291ec26a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD918DB3F116254BF3544929CC983627283EBE5325F2F42388B4D6BBC6D97E9D0A5284
                                                                                                                                                                                                    Function 001A91FF Relevance: .3, Instructions: 255COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b4a3f0be60cda16d42370b2ae41e9b2742df0a2d70e8b19d0bea2f8095a755a2
                                                                                                                                                                                                    • Instruction ID: ac734f8541ee04470a07c4c3abe31cccb7ef7af5cc0b9f20360cfcc6a9871d92
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b4a3f0be60cda16d42370b2ae41e9b2742df0a2d70e8b19d0bea2f8095a755a2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 35918CF3F1162547F3544979CC58362B683D7A5325F2F81388E58AB7CAE97E9C0A4384
                                                                                                                                                                                                    Function 00140146 Relevance: .3, Instructions: 254COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: e506248637472f01a398a06552cac0568c80798fb79ee4d44914a55a27eb5405
                                                                                                                                                                                                    • Instruction ID: dfe926003fcdda291d50faa8b7d8e21ceddd59dbd07012358aa18dbbd59f4191
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e506248637472f01a398a06552cac0568c80798fb79ee4d44914a55a27eb5405
                                                                                                                                                                                                    • Instruction Fuzzy Hash: ED918AB3F116254BF3544839CC9836666839BD4320F2F82788E4C6BBC6D97E9D0A53C4
                                                                                                                                                                                                    Function 000DC0B3 Relevance: .3, Instructions: 253COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 7c25be68873c969f67ae5acdf7ecc633eb864dd68a600e8d91bcea7ca61d78c4
                                                                                                                                                                                                    • Instruction ID: 435dfe31deae9dc01b35783ede28fa5fabd95bd240c1c4ed5e5bda07cc780185
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7c25be68873c969f67ae5acdf7ecc633eb864dd68a600e8d91bcea7ca61d78c4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 049199B3F1152547F3984928CC683767692DBA1321F2F427C8F4AAB7C5D93E6D0A9284
                                                                                                                                                                                                    Function 001C9201 Relevance: .3, Instructions: 251COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: aaad4cdd421fa73eae4adc43101c66813c0b85eb3a13b5d473be12b9c7f6c332
                                                                                                                                                                                                    • Instruction ID: 8012ba0922941f59c8034addf53406c4d73958937f2049ede7ccd0feff876c46
                                                                                                                                                                                                    • Opcode Fuzzy Hash: aaad4cdd421fa73eae4adc43101c66813c0b85eb3a13b5d473be12b9c7f6c332
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BA918CF3F1152447F3484838CD683A666839BE0315F2F82398F596B7CAE87E5D0A5288
                                                                                                                                                                                                    Function 0012B282 Relevance: .3, Instructions: 251COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 990323deeadc4f6a5806a18f31da536428c82f938a6d96c85c901db85b3b740f
                                                                                                                                                                                                    • Instruction ID: 6dd18968fdfaa8520e8bc0abd0cc7f6c8273a4202242302d45397c3b2eecaf82
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 990323deeadc4f6a5806a18f31da536428c82f938a6d96c85c901db85b3b740f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1491AEB3F1162547F3544E29CC983A27693EB94310F2F42788E8C6B7C5DA7EAD099784
                                                                                                                                                                                                    Function 0010218D Relevance: .2, Instructions: 250COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 9e708ee85534f6f6d542b00573f77ce0edd2db637719cb0c797401960eb7d30e
                                                                                                                                                                                                    • Instruction ID: 497439c1e4654215d351f256d664f11d019ddc66aec809afb898f0654380c7c3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e708ee85534f6f6d542b00573f77ce0edd2db637719cb0c797401960eb7d30e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5A817AB3F116254BF3544839CC593A26683DBE5320F2F82788F5D9BBC5D87E9D0A5284
                                                                                                                                                                                                    Function 000DA312 Relevance: .2, Instructions: 250COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 3c7e7c8ad38f658e955dac13a5e8ec247c16e2af7a494f7ad7be5888483d15a9
                                                                                                                                                                                                    • Instruction ID: 63bc734bf912e02ad83c9d6c95d76cd7c47146937a04427423d7959c8a404740
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3c7e7c8ad38f658e955dac13a5e8ec247c16e2af7a494f7ad7be5888483d15a9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 77818AB3F516254BF3444869DC983A26283D7D4325F2F82388F9C6B7C6E87E6D064384
                                                                                                                                                                                                    Function 000A0460 Relevance: .2, Instructions: 250COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                                                                    • Opcode ID: 94f1da8319af7afeca3870d30ce6746391ac16d7b5426ab46360293058d74df6
                                                                                                                                                                                                    • Instruction ID: 71e8df11570dd9f83ca8e3ed422ff9376475683b2816ba53bb0a7745de3f6169
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 94f1da8319af7afeca3870d30ce6746391ac16d7b5426ab46360293058d74df6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B613935A087059BD7159F58C890A3FB7E2EFC6710F19C52CE9858B2A1EB30DC51D782
                                                                                                                                                                                                    Function 0018E02F Relevance: .2, Instructions: 249COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: c87d3f79a53381c1c251a569cd8b4b024d42369afb10f930bef04f988bf39fa2
                                                                                                                                                                                                    • Instruction ID: 10498e16312ebb6311c3747a036bff0d5255312c902fd6ada12a9ccadeff43c7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c87d3f79a53381c1c251a569cd8b4b024d42369afb10f930bef04f988bf39fa2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 26819CB3F115214BF3444D29CC583A27693EBE5325F2F81788E48AB7C4DA7E9D0A9784
                                                                                                                                                                                                    Function 001841B6 Relevance: .2, Instructions: 248COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 6eb99da416a2af9cd33c4597d2fe883ac2896ed5473a29197b38a20b650f83f7
                                                                                                                                                                                                    • Instruction ID: 11e010b44865716e2c1f0f7d62dd22e1af6b0675226d648a049a7677284fede6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6eb99da416a2af9cd33c4597d2fe883ac2896ed5473a29197b38a20b650f83f7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 59819CB3F116254BF3444929CCA93A27683EBD0324F2F41788E8D6B3C5D97EAD0A4784
                                                                                                                                                                                                    Function 0018C172 Relevance: .2, Instructions: 247COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 30b55cc3ed4f3ce26da61cc9187284c42c03d056bd6894cf696476a7c702bced
                                                                                                                                                                                                    • Instruction ID: 1733434cd8d593d757d28cf1094bbc239f6db8d45a4daa37d63fa7ddba427071
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 30b55cc3ed4f3ce26da61cc9187284c42c03d056bd6894cf696476a7c702bced
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0B8149B3E011258BF3544E69CC583927693DB94324F2F86788E8C6B7C9D97E6C0597C8
                                                                                                                                                                                                    Function 0014220E Relevance: .2, Instructions: 247COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a6f73feafd2ccd395c78ef7fe6f4d16996a9ffde164af7071d3b353c6707601a
                                                                                                                                                                                                    • Instruction ID: 7584bfbd3b5f5f5052e111be296b90cc095ef030602c9fbd0c7c3246370ce0a1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a6f73feafd2ccd395c78ef7fe6f4d16996a9ffde164af7071d3b353c6707601a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F4817CF7F116154BF3544938CC9836266439BD4324F2F82788E5C5BBCAD97E5D0A5284
                                                                                                                                                                                                    Function 0013D0AA Relevance: .2, Instructions: 245COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: f6864660e64e934139c831ac4e6b9b6861ed7bccc40981d9836abcfc4e733f79
                                                                                                                                                                                                    • Instruction ID: d92458e701b091172827f2c98bb1362f0509cd016f4b3b16a5718d6d54ee24cd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f6864660e64e934139c831ac4e6b9b6861ed7bccc40981d9836abcfc4e733f79
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F981ACB3F115254BF3548E29CC643A67283EBD5324F2F81788E48AB7C5D97EAD0A5384
                                                                                                                                                                                                    Function 000D42E2 Relevance: .2, Instructions: 245COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: adb261923a8376d59aad9e1d16c13e22177b70d71f980aaf2ea132d7a6b00d1d
                                                                                                                                                                                                    • Instruction ID: 393579059e1b3fa255bb86af83eb9e04925d5af3d534876bf4b87d42cb0883e8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: adb261923a8376d59aad9e1d16c13e22177b70d71f980aaf2ea132d7a6b00d1d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FB81AEF7F1162547F3444929DC583623683DB94324F2F42788E9CAB7C5D83E5D0A4384
                                                                                                                                                                                                    Function 0017E493 Relevance: .2, Instructions: 245COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: c7b5582e9d8eb8414e969a430c2c6222c4d148b7b63205255b70f89bee669298
                                                                                                                                                                                                    • Instruction ID: 1f5c87615f74871ec2fe94e1f498d44667c40905e2705540b409df94b8a7af05
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c7b5582e9d8eb8414e969a430c2c6222c4d148b7b63205255b70f89bee669298
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A7818CB7F106204BF3444939CCA83A67283DBD5715F2F82788B589B7C9E87E9C0A5384
                                                                                                                                                                                                    Function 001184E1 Relevance: .2, Instructions: 245COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 83e4434d0bab08f15762947c854884c0f52c109f558a0e187d3060b10639a4e5
                                                                                                                                                                                                    • Instruction ID: 7b02ea69af3e58914fd9187612abc8029925e6bf58c310a1b313b4e87fa0d472
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 83e4434d0bab08f15762947c854884c0f52c109f558a0e187d3060b10639a4e5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F49159B3F106254BF3444E28CCA83B27292DB99311F2F42788F496B7C5D93E6D099784
                                                                                                                                                                                                    Function 001A00D4 Relevance: .2, Instructions: 244COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 08d8ccb37199bb70ea39c75e69c0c5b89762efe302f3de48c19730d5be48d009
                                                                                                                                                                                                    • Instruction ID: 5dde3c7812ccafcd45559280230560fe51e92ee20f8b6ce19dd91349f193fea7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 08d8ccb37199bb70ea39c75e69c0c5b89762efe302f3de48c19730d5be48d009
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F1818BB7F106254BF3544D29CC983627683DB94315F2F42788E8CAB7C6D97EAD065288
                                                                                                                                                                                                    Function 001C329A Relevance: .2, Instructions: 244COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 18df8e05574e6751d2b6b7b956da06d7c21e8e3d0b7f3c75ca7b0989c899185a
                                                                                                                                                                                                    • Instruction ID: 67dae9b6321389fbba1f23c71413632f92ad879ba755e85af1f7d62ea6cc7d82
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 18df8e05574e6751d2b6b7b956da06d7c21e8e3d0b7f3c75ca7b0989c899185a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D18144F7F1162507F3984868CD583A26683ABD0325F2F82788E8D6BBC5D87E5D0A53C4
                                                                                                                                                                                                    Function 00134019 Relevance: .2, Instructions: 242COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 6519b122c6d6910b0b9ad82a79d4f52c988be1a1d86ad0c91cb1341da8e827e3
                                                                                                                                                                                                    • Instruction ID: dd2f092eac158f2c7dd043eef0ab486c467130efc60524f427137a76d4f1cd42
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6519b122c6d6910b0b9ad82a79d4f52c988be1a1d86ad0c91cb1341da8e827e3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 828199F3F116254BF3484869DC993A22643D7D4321F2F82788F586B7CAD97E5C0A5288
                                                                                                                                                                                                    Function 001AE35E Relevance: .2, Instructions: 240COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 04a67f46b838d6195a5f8f27d3d5e35ac77391a0113dfba50d382c106a93d51f
                                                                                                                                                                                                    • Instruction ID: 18929992a281480362ddaac0d56fb8ac30679d46ea331fd071561d22e3235a83
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 04a67f46b838d6195a5f8f27d3d5e35ac77391a0113dfba50d382c106a93d51f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9E819CB3E006354BF3644E68CC943A2B2929B94325F2F42788E9C7B7C1E97E5C4597C4
                                                                                                                                                                                                    Function 000D0550 Relevance: .2, Instructions: 240COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: c67c4add19480c0ecd1ffd519be53517a3ac0c074a25dc1ec97f12c532c415bc
                                                                                                                                                                                                    • Instruction ID: c701187ae246f9dbe4a2392713173616b98f1d07fd1a89e456952b0b01682c6f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c67c4add19480c0ecd1ffd519be53517a3ac0c074a25dc1ec97f12c532c415bc
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B818CB3E125264BF3544A28CC5836277939B95321F3F42788E1C6B7C5EA3E6D0997C4
                                                                                                                                                                                                    Function 001A2036 Relevance: .2, Instructions: 239COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 00b1b8641cbfba3082e575546c1e9a9f22393018da83464292b644a8eca301ca
                                                                                                                                                                                                    • Instruction ID: 5c3bac1b6c80b454dbe3efe93268d58d97a1c3de0e3ddce3df96ee0fbbe4d7f0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 00b1b8641cbfba3082e575546c1e9a9f22393018da83464292b644a8eca301ca
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9D818AB7F1062047F3544929CCA83666683DB95324F2F427C8E98AB7C5E9BF9C0A53C4
                                                                                                                                                                                                    Function 001302FC Relevance: .2, Instructions: 239COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 0bd77e75caf3fd6f15b044ca4868db8be84625bb302ec5c8cd8d3bae8f3f9d26
                                                                                                                                                                                                    • Instruction ID: aad5e6f34be6cbe08d87c3e55b92198f0a8de4d697817c5765b3e98d8dd02b70
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0bd77e75caf3fd6f15b044ca4868db8be84625bb302ec5c8cd8d3bae8f3f9d26
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 568189F3F5162547F3580839CDA83662583DBA1315F2F82788F196BBC9D87E9D0A5284
                                                                                                                                                                                                    Function 000EB257 Relevance: .2, Instructions: 238COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 4c9a18a54157709884964c7a5ca7327fc23f680adaaa2c7436b9b8d2a62994ea
                                                                                                                                                                                                    • Instruction ID: 0268d3b47cc059371c21a4f7474dbc784fe5dac476c83ebc7e6f424e67eeb515
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4c9a18a54157709884964c7a5ca7327fc23f680adaaa2c7436b9b8d2a62994ea
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3081A9B3E116258BF3544D39CC58362B6939B94320F2F82788E9C6B7C5D93E6E0997C4
                                                                                                                                                                                                    Function 000F84BF Relevance: .2, Instructions: 236COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 9288ee08b46ac2777d0c3e87efef92a21d9b49244d1cf73e8096b3c9e71f066a
                                                                                                                                                                                                    • Instruction ID: 4f16ebdd885a2341cdb8b74f605239c68be9690f3689b91fe38046bcbd4adf5d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9288ee08b46ac2777d0c3e87efef92a21d9b49244d1cf73e8096b3c9e71f066a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F6818CB3F116254BF3544D29CCA83A26683DBD5315F2F8178CE48AB7C9D87E6C4A5384
                                                                                                                                                                                                    Function 00152102 Relevance: .2, Instructions: 232COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 89dd716810684906ae214b32e3240ae87422c439d997523be1f4df29b5e2a46e
                                                                                                                                                                                                    • Instruction ID: f32fb197d605ab829fc14eb6b2a59d998d984cbd9fadca01294c4fd164dd157a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 89dd716810684906ae214b32e3240ae87422c439d997523be1f4df29b5e2a46e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9671B9B3F111204BF3584939CC583A66683DBD5315F2F82788F58ABBC8D97E9D0A4288
                                                                                                                                                                                                    Function 001712CD Relevance: .2, Instructions: 231COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 6ab532fe10b8fc3634477190e0d9af9bfbd10a28a0377336f0d6fe81c5ea91a1
                                                                                                                                                                                                    • Instruction ID: 6eb03c898a136f5321bca42841896d9d46a990fd4469f44054c51fd5f18afa76
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6ab532fe10b8fc3634477190e0d9af9bfbd10a28a0377336f0d6fe81c5ea91a1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F2818AB3E105214BF3548D39CC58366B293EBD1325F2F82788E586B7C4D93E6D0A9784
                                                                                                                                                                                                    Function 000D64DF Relevance: .2, Instructions: 230COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 25a90f9fe6bd5bf50e7d8de67ca6792b78cf274822f04fffb4ced15d53248daa
                                                                                                                                                                                                    • Instruction ID: 7c6090ee62b1d671b86bc2787567e3a66dd88d6aec5763308438a425c19b82cc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 25a90f9fe6bd5bf50e7d8de67ca6792b78cf274822f04fffb4ced15d53248daa
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0B819AB7F106254BF3544D68DC983A27282DBA4321F2F427C8F9D6B3C5E87E6D089684
                                                                                                                                                                                                    Function 000C8542 Relevance: .2, Instructions: 228COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 075176dd5fc3f10ae9d832eb241033d1a84eb5480735b0671f7a1d441c22a937
                                                                                                                                                                                                    • Instruction ID: 6408fb2e3143daeddd5875fda63c1a2b2ee86640cc104fc9d013e9afbb476795
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 075176dd5fc3f10ae9d832eb241033d1a84eb5480735b0671f7a1d441c22a937
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 207179B7F116254BF3904D69DC883526283DBD4325F2F82388F886B7C9D97EAD0A5784
                                                                                                                                                                                                    Function 000F04A0 Relevance: .2, Instructions: 226COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 9701624bd8c4092fedfa6437885dab7980ba33176a2f91ba1bdf23b6005e922b
                                                                                                                                                                                                    • Instruction ID: 6e1f0b7d8778089d507875932ea4c134951c0a4e7a856085a6f1811959ceb0d9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9701624bd8c4092fedfa6437885dab7980ba33176a2f91ba1bdf23b6005e922b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DE818BB7F2062547F3584D28DC983A2B682DBA0321F2F42388F9D6B7C1D97E5D499784
                                                                                                                                                                                                    Function 00179292 Relevance: .2, Instructions: 223COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a0f736ddc1cd378fdd48d66fd0879fb112b1f86049c208b0e9ee1aaab81f911c
                                                                                                                                                                                                    • Instruction ID: 84d9dafd1dd8e059b503d3bc1fd7a9eb8dd32bf0874f1bd8ad5a12f957553d77
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a0f736ddc1cd378fdd48d66fd0879fb112b1f86049c208b0e9ee1aaab81f911c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3071CDF3F2162547F3544828DD983A26643DBD4324F3F82388E1CAB7C6D97E9D0A5284
                                                                                                                                                                                                    Function 0017E0F9 Relevance: .2, Instructions: 222COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 515809eae87ac4562971c10c4fa8896ccc57e90488b27b490be434eb9fc20f3a
                                                                                                                                                                                                    • Instruction ID: 0337c6643a212793200c3812f62129c77834b6919552b1af9278511b485f75d0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 515809eae87ac4562971c10c4fa8896ccc57e90488b27b490be434eb9fc20f3a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D471ABB3F116244BF3544D38CD993662683D7D4324F2F82788E59AB7C9DC7E9D0A5284
                                                                                                                                                                                                    Function 0019F232 Relevance: .2, Instructions: 222COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 70e6e2ee68511eda3bd29984407e9c541fc75881da441393d3d0269ea83866d4
                                                                                                                                                                                                    • Instruction ID: fc4cf449dd0a0630b65f6cfaf4947682e9d2be06c94b1f065cd48a2d63a6d9f4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 70e6e2ee68511eda3bd29984407e9c541fc75881da441393d3d0269ea83866d4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 22719BF3F1052547F7084968CCA83A676839B91325F2F423D8F59AB3C1E97E9D0A8684
                                                                                                                                                                                                    Function 001332F2 Relevance: .2, Instructions: 222COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: dd74ab9263f6a330c664ef46ddeddfad505bde6a70d3a50ed618bce5a19912ae
                                                                                                                                                                                                    • Instruction ID: 788fee504c94d988d965ddb7dfde08b9aeec08b2ce1ed2f70aaaed765eefad21
                                                                                                                                                                                                    • Opcode Fuzzy Hash: dd74ab9263f6a330c664ef46ddeddfad505bde6a70d3a50ed618bce5a19912ae
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0F71BAF7F2162547F3580928DC983A266839BE0324F2F42788F4DAB7C5D97E5D0A5388
                                                                                                                                                                                                    Function 000FE31D Relevance: .2, Instructions: 219COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a1f663f77c7591f6e66aafa309f2c3e43a09f8846692fc9d2c114e4c21b3755d
                                                                                                                                                                                                    • Instruction ID: 81d87c8d3325fea48a8dab7fb0202dc80df11fcbb8ffae1b3cc0138da4186acf
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a1f663f77c7591f6e66aafa309f2c3e43a09f8846692fc9d2c114e4c21b3755d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 66718DB3E1162547F3944D28CC583A27683DBA4320F2F41788F8C6B7C5D97EAE499688
                                                                                                                                                                                                    Function 001561B3 Relevance: .2, Instructions: 218COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 4b557873991c73ee6c00326ad4ad76c76fec44f9c519c419bf77081ab499d4d6
                                                                                                                                                                                                    • Instruction ID: 1389f8d19feebc7f919828d36c8dbe8176ea7f4bccd735874f4ded7b3c9399e6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b557873991c73ee6c00326ad4ad76c76fec44f9c519c419bf77081ab499d4d6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3471BEF3F516214BF3804928DC983A27652EB95314F2F82788E4CAB7C6D97E5D0A57C4
                                                                                                                                                                                                    Function 001CB234 Relevance: .2, Instructions: 217COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: d2d6903b68b1cddf5e2b9c945b4bd4a93e0ed8686cc01310f48bdda9fc7c61ba
                                                                                                                                                                                                    • Instruction ID: 249fae53580e91fecdabe7ddace3dc093777f3e39f76d3104a0def85ad557cf9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d2d6903b68b1cddf5e2b9c945b4bd4a93e0ed8686cc01310f48bdda9fc7c61ba
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 42717DF7F105244BF3544E28CC983A27682DBA5324F2F42788E9CAB7C5E97E9D095784
                                                                                                                                                                                                    Function 000D24DB Relevance: .2, Instructions: 217COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: ffa9b7a7b6742c30fccc795b3d9d2366b60445a2c41fd5712b4b8c3d9ffc6b28
                                                                                                                                                                                                    • Instruction ID: 6c68930e00c36bba189ba1f95c08407c44713fdb82b6b1096d80f204e5a01b05
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ffa9b7a7b6742c30fccc795b3d9d2366b60445a2c41fd5712b4b8c3d9ffc6b28
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8A718BB3F106244BF3544E28CCA83A67682DB99320F2F42B88F596B7C5D93E5C0997C4
                                                                                                                                                                                                    Function 0012F04F Relevance: .2, Instructions: 216COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: ab601ae632771b2e3f13364c5247f860d2a07a8f555f174f9e30736e5c477f7e
                                                                                                                                                                                                    • Instruction ID: 791d533cc97ede7bbf789d620328dbc99a8cca3406e09507aa9f77b91240b990
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ab601ae632771b2e3f13364c5247f860d2a07a8f555f174f9e30736e5c477f7e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 847179F7E1162647F3504929CC5836266939BE4725F3F82788E5CAB7C6E93E5C0A43C4
                                                                                                                                                                                                    Function 001190DD Relevance: .2, Instructions: 216COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: ed3436f9692fcb36826323e38f1dd3fac595b761a75daeb2f94f737ceccac6ce
                                                                                                                                                                                                    • Instruction ID: 77fbcc4ba1b4c50ee872005b59f79bf6fa7251845ad1f702766d6de787b913c0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed3436f9692fcb36826323e38f1dd3fac595b761a75daeb2f94f737ceccac6ce
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 75719CF3F116158BF3044939CC983A27683DBE5321F2F82788B589B7D5E87E9D099284
                                                                                                                                                                                                    Function 00178399 Relevance: .2, Instructions: 216COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 5279e3d94f30a0700d3d8e704b8dfbead6c97821ff9ad8e13e42ea8ce41b0e72
                                                                                                                                                                                                    • Instruction ID: 6b0bc130dd7d5805e2bd2d66e1055e1a8d3fc27ebfacad0037f92e2a22388676
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5279e3d94f30a0700d3d8e704b8dfbead6c97821ff9ad8e13e42ea8ce41b0e72
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7A71D6F39092049FE3056F29DC4577AF7E5EF94720F1A893CE6C897684EA3598408B93
                                                                                                                                                                                                    Function 001C43D6 Relevance: .2, Instructions: 216COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 47fbcc755e14703af17bb6c9370d2b4758c7b614a801d1a3b34bb980550f7251
                                                                                                                                                                                                    • Instruction ID: 6bc64171b5145dc4239ebab16610a154f1d5fc0ae0c1dcaee26521567a8884d7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 47fbcc755e14703af17bb6c9370d2b4758c7b614a801d1a3b34bb980550f7251
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CF7188F3F116254BF3444939CD9836276839BA5315F2F82788F5CABBC9D87D9C0A5284
                                                                                                                                                                                                    Function 0014814C Relevance: .2, Instructions: 215COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 43abc753373ce580d0cefca56e71d31ef79ffe1d1323fb24c6fd1d6d034cae32
                                                                                                                                                                                                    • Instruction ID: 86398523f5b8481b8d9ef37a1054846921167327f0f9749fd2d432d079ef1ed5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 43abc753373ce580d0cefca56e71d31ef79ffe1d1323fb24c6fd1d6d034cae32
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7718AF7F116258BF3444E28DCA83A63353EBA5311F2F41788A485B7C5E93E6D099784
                                                                                                                                                                                                    Function 0018D22A Relevance: .2, Instructions: 215COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 5acc484dcc7f24cb40239a3d6e946a6c21c3c65f12dee6447c31a617619f7dc6
                                                                                                                                                                                                    • Instruction ID: 75b3f6811243d4324c7bdef2d2babeb28ebc91bd2cba515d1115b40ba3999e98
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5acc484dcc7f24cb40239a3d6e946a6c21c3c65f12dee6447c31a617619f7dc6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EB7148B7E2162547F3544929CC583A27283DBE4325F3F82388E986B7C5E97E9D064788
                                                                                                                                                                                                    Function 001BC224 Relevance: .2, Instructions: 215COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 33ba80f495ad8d943230c39b24c5a55c17bfd2739afaaccfa940e2a43124345c
                                                                                                                                                                                                    • Instruction ID: 65f2fe7ba1e7f7e335b2c1bc181520acd6572ab8f4e1308a2ac91f373cc618c2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 33ba80f495ad8d943230c39b24c5a55c17bfd2739afaaccfa940e2a43124345c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FB71CDB3F116254BF3044D29CC94362B683EBD5325F3F42388A58AB7C5DA7EAD065784
                                                                                                                                                                                                    Function 0013509F Relevance: .2, Instructions: 213COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 6d10f2e8cb171cf99db20866af7aec9e9784da1dea89f8b68f970e3df9bab939
                                                                                                                                                                                                    • Instruction ID: 616a330e633e0df8f6fd9046c3cde1a70ef32e414e0932e5d8c813a5bbc2226f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6d10f2e8cb171cf99db20866af7aec9e9784da1dea89f8b68f970e3df9bab939
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 427189F3F116254BF3504D69CC883A272939BE5315F2F82748F086BBC9E97E5D0A9284
                                                                                                                                                                                                    Function 000DC4CB Relevance: .2, Instructions: 213COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 2c64ddc730053962d023f5022c02263f08ef5109924dfc19c3058e77f5f9e81d
                                                                                                                                                                                                    • Instruction ID: 8670209962ebff18956e36d61767f8bb1b3d665de2217aa3ecb6a52c7075594e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2c64ddc730053962d023f5022c02263f08ef5109924dfc19c3058e77f5f9e81d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 077198B3E5163547F3944968DC483A2A6839BE5321F2F82388E4C7B7C6E97E5D0A53C4
                                                                                                                                                                                                    Function 000FD16C Relevance: .2, Instructions: 212COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 0a4e52806c5579aa3386bba413317951903606b3ddc87ee27b072a5e36eacbb5
                                                                                                                                                                                                    • Instruction ID: d533e2d24751fdfab07831c6bf807893b62a38c47a67c3479fa27e94d61fda50
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0a4e52806c5579aa3386bba413317951903606b3ddc87ee27b072a5e36eacbb5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E071ADB7F515154BF3400D38CC683A27653DBD5315F2F82788A985B7C9D93EA84AA384
                                                                                                                                                                                                    Function 0010C208 Relevance: .2, Instructions: 211COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: bf6a3c2ec34a7577d0bcc57b058994d2468e73ba8b3435a62c25a44709fcb9a8
                                                                                                                                                                                                    • Instruction ID: 8fc74d91925ed1b7205306feb31a56ce9f9d3cfe4a17426c130252d238ec83d4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bf6a3c2ec34a7577d0bcc57b058994d2468e73ba8b3435a62c25a44709fcb9a8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0971D2B3F1152547F3404E79CC983627693EBD4311F2F82788E586BBC9D97E9D0A5284
                                                                                                                                                                                                    Function 000D1118 Relevance: .2, Instructions: 210COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: fa422ed09ee95a9cb95ed2afcfa80363f5b162bb515b99feb83334499a4cf2ae
                                                                                                                                                                                                    • Instruction ID: ef906d49f2009e4cb42b10ba05a3a7da715d9bd95866fa4fec11f932824cd9e7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fa422ed09ee95a9cb95ed2afcfa80363f5b162bb515b99feb83334499a4cf2ae
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D4718AB3F1122547F3540D28CC583A2B682DBA5325F2F42788E9CAB7C5D97E9D0957C4
                                                                                                                                                                                                    Function 0013F1D9 Relevance: .2, Instructions: 209COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: c81d3fd665b5e82ac868e86cb337eafb70b9a91a12fbb7c7a080c859eb0f42f4
                                                                                                                                                                                                    • Instruction ID: 5ae437735d9954462f0d4cf8803b08eb3c88cc4f459bb45a4e59d7a19dcc51e7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c81d3fd665b5e82ac868e86cb337eafb70b9a91a12fbb7c7a080c859eb0f42f4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9D719AB3F116254BF3404D28CC583627293DBD6721F2F42788F586B7D5D93EAD0A9288
                                                                                                                                                                                                    Function 0016C330 Relevance: .2, Instructions: 209COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 1d728a48c013df53e658538c993bfb6d33bfffdf7fe8f933e9d783f63b2ccf69
                                                                                                                                                                                                    • Instruction ID: 1a17a09ed15e3e1ea445f908264f76b568804cda146a18cebadeace0d5a77e61
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1d728a48c013df53e658538c993bfb6d33bfffdf7fe8f933e9d783f63b2ccf69
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3C7198F3E2063147F3640D68DC48362A692ABA5325F2F42388F5C7B7C5D97E6D0A52C8
                                                                                                                                                                                                    Function 0016A065 Relevance: .2, Instructions: 207COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 79ed10180d2f2e96117a4091f8d4743047ef044bf54137b3a38e60d0214e6f0a
                                                                                                                                                                                                    • Instruction ID: 4c77914ba7f84c45bcecc4befe4f5bb6464312da142e32b683c5e739e272de58
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 79ed10180d2f2e96117a4091f8d4743047ef044bf54137b3a38e60d0214e6f0a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 69717AB3E115254BF3644D68CC983A27652DB94320F2F82788E5CAB7C5D97E6D0897C4
                                                                                                                                                                                                    Function 001BA098 Relevance: .2, Instructions: 203COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 3cd32f96f4894cb1f8c62d3ef518572f0a93025a477e1b843bc902b122bbd72f
                                                                                                                                                                                                    • Instruction ID: 1f018517551e778556be4c9f03ee6412963d4148a53be6ee6228c69782b11158
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3cd32f96f4894cb1f8c62d3ef518572f0a93025a477e1b843bc902b122bbd72f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F4616CB3F1162547F3944D69CC98392B282DB99321F1F41798E8CAB3C9D97E6C0997C4
                                                                                                                                                                                                    Function 001AA2FA Relevance: .2, Instructions: 203COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 28a87c8686e79ac633f8b5ef29590c6de67c94c31bf1013fc91cf5895c8f99ea
                                                                                                                                                                                                    • Instruction ID: aae2ae5fdb371148e39db404b5d82e527dd73d8dbce32374c5deb18117975b9f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 28a87c8686e79ac633f8b5ef29590c6de67c94c31bf1013fc91cf5895c8f99ea
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C7618EB3F1112547F3544D39CC58362B693DBD5321F2F82788A9C6B7C5E97EAC0A9284
                                                                                                                                                                                                    Function 0013E28C Relevance: .2, Instructions: 201COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 17638efb0ad471c77bc399d2fbda49adc1cd45dabd4aa8039e0953cc31cc56ff
                                                                                                                                                                                                    • Instruction ID: 36954efcec2f4b2aeaa40ba43d012a1f583f88c0e6386aeb5b4cf347083e36d3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 17638efb0ad471c77bc399d2fbda49adc1cd45dabd4aa8039e0953cc31cc56ff
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9A6190B7F106254BF3544939CC583626693DBA8325F2F82788E4CAB7C6E97E9C095384
                                                                                                                                                                                                    Function 001BD26B Relevance: .2, Instructions: 195COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: fff731f30844ec76b16234da6613cfe49aa076b83bbf1edbf68c170c3bf60146
                                                                                                                                                                                                    • Instruction ID: 8e3054130c93239041d69045de2a90acdc0ebf409bc6c2d4ddcd80a9780ee28c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fff731f30844ec76b16234da6613cfe49aa076b83bbf1edbf68c170c3bf60146
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE61BCB3F1152547F3444E38CC58366B693EBD5311F2F82788A486B7C9D93EAE099384
                                                                                                                                                                                                    Function 0019C401 Relevance: .2, Instructions: 195COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: ea00e54fe4076ab7f18e99808348b079380ea4c70d3933102f003976bd706667
                                                                                                                                                                                                    • Instruction ID: ceafd2597a5d5093b49690c4b101e9da2f24c347c25dc726ef49cac6f0f9af09
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ea00e54fe4076ab7f18e99808348b079380ea4c70d3933102f003976bd706667
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 916179B3F112254BF3548D39DC983A26692DBD8310F2B81788F886B7C5D97E6D0A5384
                                                                                                                                                                                                    Function 001B2400 Relevance: .2, Instructions: 192COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b0aa75b9e4018d99a75c79b49bb55d6d2c3df9889672e6d7d6c9a8b9d13da80e
                                                                                                                                                                                                    • Instruction ID: 4b9ba2ad6a14813dcc8ef69f41a2b78db98cc9ebaec883a524cdccee9350c0f4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b0aa75b9e4018d99a75c79b49bb55d6d2c3df9889672e6d7d6c9a8b9d13da80e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B5618BF7F1152447F3544928DC6836262829BE4325F2F82788E9CBB7C5E97E9D0A53C4
                                                                                                                                                                                                    Function 001B20E0 Relevance: .2, Instructions: 190COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: f8425c9d182f57ccab6e85cfac8c485e6d9dad4758aeca7dd63ede168d785883
                                                                                                                                                                                                    • Instruction ID: 6ecdf137fff04bdf2da31c23d619d8d14b7f522c454b20d043bdcef7723aca87
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f8425c9d182f57ccab6e85cfac8c485e6d9dad4758aeca7dd63ede168d785883
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AB618BB3F116254BF3504D69DC9836266839BD4321F2F82788F4C6B7C6E97E5D0A5284
                                                                                                                                                                                                    Function 00116160 Relevance: .2, Instructions: 187COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: f1e06305de2f51e5e77dba96c07e94011a48f6b01b8114d3732c7e579072e921
                                                                                                                                                                                                    • Instruction ID: bad7842e6273e7032f3f32b5a02f2e2086aa8e2b4d7f6d27e0607f245006fd25
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f1e06305de2f51e5e77dba96c07e94011a48f6b01b8114d3732c7e579072e921
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C3519BB3F115248BF3504D29CC543A27683DBD9321F2F82B88E5C6B7C9E93E5C4A9284
                                                                                                                                                                                                    Function 0012A350 Relevance: .2, Instructions: 178COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 6a4725ccc1b9b3351c4a15154b5cdde5d7ed265b3994cd624dc2b1fa3c391433
                                                                                                                                                                                                    • Instruction ID: ceafba7007f5f8fa3aada34ba69443dc4a63480ce8bd661aeef1a74b52cbaed9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6a4725ccc1b9b3351c4a15154b5cdde5d7ed265b3994cd624dc2b1fa3c391433
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CA517DB3E116264BF3544D29CC943A2B393DBD4321F3F41388A485B7C5DA7EAD169788
                                                                                                                                                                                                    Function 001620F0 Relevance: .2, Instructions: 171COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a2f436e38679c472de28f7c2771cf7ede83f7aa06396f76019487e9e29ee125d
                                                                                                                                                                                                    • Instruction ID: e4aa17059641df579601dd141bb4d70ad11aa8732fb22cf57919f4b7743bb779
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a2f436e38679c472de28f7c2771cf7ede83f7aa06396f76019487e9e29ee125d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8151AFB3F1152547F3440928DD583A266839BE0315F2F8278CE8CABBC6D87E9D4A53C4
                                                                                                                                                                                                    Function 001B1199 Relevance: .2, Instructions: 171COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 22dd85a529e2fdf0a0413a1c7fc8d4962ebb35cafe434940a0f1e4c886f1dcd5
                                                                                                                                                                                                    • Instruction ID: 453586100ab537b7acff4fa96cb673ce7e4f48e95a32e628ce845d712959172c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 22dd85a529e2fdf0a0413a1c7fc8d4962ebb35cafe434940a0f1e4c886f1dcd5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 84518AB3F115254BF3144E28CC64366B393AB94321F2F42788A59AB3C5EA7E6D0697C4
                                                                                                                                                                                                    Function 000C20CB Relevance: .2, Instructions: 169COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: f10a94d52f2688ac6579cb5d91253949a93015ef62ea603dc945f41b857f0acf
                                                                                                                                                                                                    • Instruction ID: fbe4bb8a7bd4eadfd848907732bd2bc84d62af33b0e5be9f76adf39dbd64909a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f10a94d52f2688ac6579cb5d91253949a93015ef62ea603dc945f41b857f0acf
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 33519AB3F116114BF3488964CCA83626683DBD0324F3F82788F5D6B7C5D97E6D0A4684
                                                                                                                                                                                                    Function 0009F18B Relevance: .2, Instructions: 163COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 378c75cd42235dddc0f11d625b1853f1c2e8c3bb546c32f527ae905ed8a557d2
                                                                                                                                                                                                    • Instruction ID: 3936fb012939c1c8f6f5c3687be91e5053b9769eb834515f22ec276595b06fcf
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 378c75cd42235dddc0f11d625b1853f1c2e8c3bb546c32f527ae905ed8a557d2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C6411B327087524BDB29CF39889127BFBD29BDA300F1D883ED4C6C7296D524E9069B81
                                                                                                                                                                                                    Function 001ED109 Relevance: .2, Instructions: 156COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: ecbc3e812f35fd2bbd24524440d3801d20367c0da8f3decef96a358ea5f8d5ca
                                                                                                                                                                                                    • Instruction ID: 8c81db96cf8b2a4a155cebd72714af7e6906b0d8367c45c50445a79d633ef72c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ecbc3e812f35fd2bbd24524440d3801d20367c0da8f3decef96a358ea5f8d5ca
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C251E6F390C6089BE304BE69DC4437AFBE6EF94350F17893DDAC487344EA7958458682
                                                                                                                                                                                                    Function 0016F185 Relevance: .2, Instructions: 153COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: e830c3897e9f1cccb9adffa16bdea51612d79f9045eeb6fbef8bf9c6dded7d69
                                                                                                                                                                                                    • Instruction ID: e94c5efe3f6790bf4524167fa19918bdeebf05bbb6c5fdc674d1e45d3280ad10
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e830c3897e9f1cccb9adffa16bdea51612d79f9045eeb6fbef8bf9c6dded7d69
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 065158B3F105254BF3584929CCA43A2B682EB94325F2F82788F8C6B7C5DD7E5D0A56C4
                                                                                                                                                                                                    Function 0017C22F Relevance: .1, Instructions: 149COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 2f08397d1d5a8f5dda74315d44e24a8a5496958de653eeaffd362d0d5ed3c9e7
                                                                                                                                                                                                    • Instruction ID: fadb4d47e140b03b654cfac6f573357cd03c807b2d57d8127865499457f19b7a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2f08397d1d5a8f5dda74315d44e24a8a5496958de653eeaffd362d0d5ed3c9e7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6751A0B3F6162547F3984878CD593A26583D7D4321F2F82388E58A7BC9DDBE9D0A4384
                                                                                                                                                                                                    Function 00192283 Relevance: .1, Instructions: 149COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: dc253b3cfdb9d3603884aea872ab11ae2c3ae94643dab82b3aa977ab96bd6445
                                                                                                                                                                                                    • Instruction ID: 6d9eaa1d9edee61543d49c470ca67f487f70a4637a1882510355d1e647da0fc0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: dc253b3cfdb9d3603884aea872ab11ae2c3ae94643dab82b3aa977ab96bd6445
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4451B0B3F116254BF3944D68CC983667282EBA4311F2F41788F4C6B7C5D97E6E0A9784
                                                                                                                                                                                                    Function 0016A3AC Relevance: .1, Instructions: 147COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 12b52db1eb13129df8f7fdffb4b5db270379949501b389b5592afc864deea009
                                                                                                                                                                                                    • Instruction ID: 4906e3e5608340e9a9b79595c87a3841d56d42864a1b115d3a36c3e03577aec2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 12b52db1eb13129df8f7fdffb4b5db270379949501b389b5592afc864deea009
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4D51BAF3F0062247F3944D68CC983626282DB95324F2F42788F4CABBC5D97E5E0A5384
                                                                                                                                                                                                    Function 001D0028 Relevance: .1, Instructions: 138COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: f4d182a9ae16967df8317f8258b10044b50287a1bdf1b2004bc30c9e628ceb49
                                                                                                                                                                                                    • Instruction ID: fcd486018a630176791ee876d47291ddfd7bf67105e69916840ef46518498eca
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4d182a9ae16967df8317f8258b10044b50287a1bdf1b2004bc30c9e628ceb49
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A34179B7F11A214BF3548C39CD583526683ABD5322F2F82788E5C6B7C9E87E5D0A52C0
                                                                                                                                                                                                    Function 001B5125 Relevance: .1, Instructions: 135COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 3d801be9993a343f67826a7d7ef00d1360da4bd14eda366e8be1d5b39b1af3f6
                                                                                                                                                                                                    • Instruction ID: b820d5738cadc1b593bde1bedaccdbe2f21b47be370db4b8e024a5cd6dd68cde
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3d801be9993a343f67826a7d7ef00d1360da4bd14eda366e8be1d5b39b1af3f6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6D416AB7F12A214BF3540925CC983A266839BE5325F2F42B88E5C7B3C6D87E5D0A53C4
                                                                                                                                                                                                    Function 00190503 Relevance: .1, Instructions: 132COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 4140177b07b64341082f0d6d0d20f78903bf98b5726e384742126df858b9008c
                                                                                                                                                                                                    • Instruction ID: 7cf9a26f9849db91849f2c42c8e96ea82ba93bba111dfa287ba86e81b7abd9f3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4140177b07b64341082f0d6d0d20f78903bf98b5726e384742126df858b9008c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E041BCB3F115254BF344492ACC583A626839BC5324F3F82788A1C9BBC5DD7E5D0A9788
                                                                                                                                                                                                    Function 000E123D Relevance: .1, Instructions: 123COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: c2c6c3c2dd4308238472a3881ec12487941cadc9c743a30f0ae5a912e8d548d4
                                                                                                                                                                                                    • Instruction ID: 1744171c90dea6ca4459d47779fd348f19e8715d154b9098bed0a4a4686180d6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c2c6c3c2dd4308238472a3881ec12487941cadc9c743a30f0ae5a912e8d548d4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44418AF3F614354BF3644D68CD983A262429B91325F2F82788F5C6BBC4E93E5C0A52C8
                                                                                                                                                                                                    Function 00092070 Relevance: .1, Instructions: 118COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b22095561cc6d79c3a8bcb8dd1ba59a02d3722442272d8838b6e458b07a441c9
                                                                                                                                                                                                    • Instruction ID: 3b2cf60cb42473b5a4ce6bd812438f2510a0541c378bfcf30ace5827ec1e3427
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b22095561cc6d79c3a8bcb8dd1ba59a02d3722442272d8838b6e458b07a441c9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D48166B451A7808BD374DF95D99869BBBF0BB8A318F10C91DD48C4B360CBB85548CFA6
                                                                                                                                                                                                    Function 0016B254 Relevance: .1, Instructions: 116COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 55d9e6ec5a3ba8786ecbebe9688002f161a286bd8b4445d5afccd477cd798b34
                                                                                                                                                                                                    • Instruction ID: d2374a9cad2045e6b4048613d79d75ceb0eabd114a111b46ba486e7c789ea7e4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 55d9e6ec5a3ba8786ecbebe9688002f161a286bd8b4445d5afccd477cd798b34
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B04149B3F116254BF344492ADCA83A37283ABD9320F3F41788A5C9B7C5D93E9C465784
                                                                                                                                                                                                    Function 0017049B Relevance: .1, Instructions: 114COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 95253b3d6e2700e440d4abae19dee658eb2ce9310b692b7d9f1fb63de5adc4d0
                                                                                                                                                                                                    • Instruction ID: 5efc72e5acefda338925ca1c92cf40f41fb67acd74358d427dd02b2310388731
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 95253b3d6e2700e440d4abae19dee658eb2ce9310b692b7d9f1fb63de5adc4d0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E14189B3F51A304BF3544928DD9836261839BD4325F2F82B88E6C6B7C6D87E5C0A92C0
                                                                                                                                                                                                    Function 00183015 Relevance: .1, Instructions: 110COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: fc4229edda64aa28876f443d803dcb9c4e3450753b326232f0fd50244e67b8fd
                                                                                                                                                                                                    • Instruction ID: e2b8554a90db2b1bff692aed397436d0871ec8993e0f76553e8d407ccca840eb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fc4229edda64aa28876f443d803dcb9c4e3450753b326232f0fd50244e67b8fd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C3126F3E6192047F398447ACD593A2544397D0325F2F83398F6CABAC9CCBE4C0A4288
                                                                                                                                                                                                    Function 001981A9 Relevance: .1, Instructions: 107COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b87ca1d912e63ed8f3527e0faca85f6f5668eb011def96bb154f93ba51b1a147
                                                                                                                                                                                                    • Instruction ID: dcc3dc65b28fe57c2da3a53dcc785d771a675a5d9f345ff4635f5b0a42e09b7a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b87ca1d912e63ed8f3527e0faca85f6f5668eb011def96bb154f93ba51b1a147
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E03189B7F6192107F7944839CD993A221439BE4324F2F42798E5DAB7C6DC7E5C0A5280
                                                                                                                                                                                                    Function 0009A440 Relevance: .1, Instructions: 107COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
                                                                                                                                                                                                    • Instruction ID: 120ab26282f62ea72a1b8f350fc326e0d808b1e5f4ba8e80aae427abc73d28a0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F631E872B08A144BDB599D3D4C5026EB6939BC6334F29C73DEA768B3C5DA748C419282
                                                                                                                                                                                                    Function 000D40BA Relevance: .1, Instructions: 103COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 4931aa4e5fc4c4f40ee36f05ff033e56c8376075838c13387b6b3bcf3a77d5a4
                                                                                                                                                                                                    • Instruction ID: a6b829a3c79e6debfef53410c055cbf9cd4b3e6754f3cb84b283123a348ae8ec
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4931aa4e5fc4c4f40ee36f05ff033e56c8376075838c13387b6b3bcf3a77d5a4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 55313EF3F5052547F3944839CD593A25483E7D0324F2F82388E99A77C5DCBE9E450280
                                                                                                                                                                                                    Function 0016C198 Relevance: .1, Instructions: 103COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 085a9d18993bce8f82e58a61a14c971eb1e1799c6327c348f0934e3ed4f8e74a
                                                                                                                                                                                                    • Instruction ID: c8a1af8c5379c1534ce826e1e148ffb2e18222f3d114dfa7f13df608357ab2d7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 085a9d18993bce8f82e58a61a14c971eb1e1799c6327c348f0934e3ed4f8e74a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E13128B3F2152007F7584878DD683A65542EBD5315F2F82388E58BBBC9E87E8C0902C4
                                                                                                                                                                                                    Function 001C0421 Relevance: .1, Instructions: 101COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 3994d36dfa5ba9ba12b230a7978b38c30b82913fb9d377ac574f44ca196dfa58
                                                                                                                                                                                                    • Instruction ID: 4ed8133b881f7c13264241103ed23d924d7c32da39720f14b10f1f450f20b97f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3994d36dfa5ba9ba12b230a7978b38c30b82913fb9d377ac574f44ca196dfa58
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CF31E1B3F2153547F3584D38CC943A2B682DB95311F2F42798E48ABBC5D87E9C0866C4
                                                                                                                                                                                                    Function 0017F108 Relevance: .1, Instructions: 98COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 31393bb9c8476830203e375b500bc64b2da9ad47dbd7360b6ab064499440a4af
                                                                                                                                                                                                    • Instruction ID: f88f8328f41b46c1b1e0524e7faab53960e2741848b3a6945aa9042cb1f62a65
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 31393bb9c8476830203e375b500bc64b2da9ad47dbd7360b6ab064499440a4af
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F83148B3F2162147F3944879CD983666583E795324F2B82388F5CAB7CADC7E9D0A4384
                                                                                                                                                                                                    Function 001CD140 Relevance: .1, Instructions: 98COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: ba953369a503967f6655f18a0cb533348b5db2463479622729cef120ccd4b73d
                                                                                                                                                                                                    • Instruction ID: 2edd30e896a84ed4d62ef22e04c12d95e7d12c6a4718e319ae6f322ac7ff7f89
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ba953369a503967f6655f18a0cb533348b5db2463479622729cef120ccd4b73d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 18311BB7F5062647F3640879DD593A265429BD5318F2F82358F5CBBBCAD8BE4C0A12C4
                                                                                                                                                                                                    Function 001530CE Relevance: .1, Instructions: 97COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b76fbfef11905c926eb941fe600f4f4f31500958d5249844c65de978b4d9a934
                                                                                                                                                                                                    • Instruction ID: f0df8c6b5c9f378925976fe49da5a932194567d8aa3ccb44dc24714cf1db4757
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b76fbfef11905c926eb941fe600f4f4f31500958d5249844c65de978b4d9a934
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 64312BB3F51A2147F3548439CD493A2258397D5325F2F82B89F58ABBC9DC7D4D0A4288
                                                                                                                                                                                                    Function 001AE1B4 Relevance: .1, Instructions: 97COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 142a2137bc689941ce211bfe6b95f67edccb7cf8a57bb482ef309ee118e4a37f
                                                                                                                                                                                                    • Instruction ID: 2707296b7e98294d633357a682e1d4a84ce497bb5632da8a7838c1cab7ab60cd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 142a2137bc689941ce211bfe6b95f67edccb7cf8a57bb482ef309ee118e4a37f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 823137F3E6192147F3648839CD193A125839BE1325F3F83788F5C6BAC9D87E9D4A5284
                                                                                                                                                                                                    Function 00137230 Relevance: .1, Instructions: 96COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: d035f9552617547165864bf67f285ba498ec709501ba84cf7593f8c95deee1b7
                                                                                                                                                                                                    • Instruction ID: ad05fc52241cc0bff9887f2f79a03135733e77415a6f7379595e1f0b2b33cde6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d035f9552617547165864bf67f285ba498ec709501ba84cf7593f8c95deee1b7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C53164B7E516258BF3504968DC983A2A6829B90325F2F8278CF5C3B7C4D93E5D0A57C4
                                                                                                                                                                                                    Function 00199046 Relevance: .1, Instructions: 92COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: d0f349220aa5cda3e6515e1653e42f70e89ac0a5161e635004fa0f4eedd6b472
                                                                                                                                                                                                    • Instruction ID: 4740c40a73d63bc1bced103d79e9228b4d360bd7347ceb42e605b57db58c9f96
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d0f349220aa5cda3e6515e1653e42f70e89ac0a5161e635004fa0f4eedd6b472
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FD31F3B3F1093447F39844B9CD693A264829795325F2F82798F1DBB7C5D8BE4C0A12C8
                                                                                                                                                                                                    Function 000DF0EA Relevance: .1, Instructions: 92COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 1019bef3fcce3d55a0b845575e1c1502a7e8945b83befdf0ca906b51520f8e66
                                                                                                                                                                                                    • Instruction ID: 9feb41323676c6f70092819feb94f91a2d4cc0d582f849d1bf7f18c12e5beb1f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1019bef3fcce3d55a0b845575e1c1502a7e8945b83befdf0ca906b51520f8e66
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 64317AB7F1062107F3584869DDA93A261439BD5329F2F82398F5D6BBC6DC7E4C0A0384
                                                                                                                                                                                                    Function 001C3143 Relevance: .1, Instructions: 92COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: d4d4c3c3c34668b2a064c7fd2b968da5670741049e519799bb78ead92c97cdd7
                                                                                                                                                                                                    • Instruction ID: 8b1068a951181c68219fec14056572d05c9d4206e19671da863f15170d25db90
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d4d4c3c3c34668b2a064c7fd2b968da5670741049e519799bb78ead92c97cdd7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AD214CB3F6163647F39848A9CC54392A5839BD4725F2F82754A9CE77C5DCBC8C0A12C8
                                                                                                                                                                                                    Function 001B7179 Relevance: .1, Instructions: 92COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: bb50cbb0185816f99105b0e13a52a3c640ec790c662246b3d78cb4b0b0dc286a
                                                                                                                                                                                                    • Instruction ID: bc71dc4a363e81aef16a460df9ff88ad7012b83d92127688e01dc4ee155bfb96
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bb50cbb0185816f99105b0e13a52a3c640ec790c662246b3d78cb4b0b0dc286a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0B31F4F3F5152107F3984838CC6936661839BA1325F2F82798B4EABBC5E87D8D0A1284
                                                                                                                                                                                                    Function 001661C2 Relevance: .1, Instructions: 91COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: cfed1591b2335a2b0f3bc072666cc1cc28027db6cd8d25b33078153333870824
                                                                                                                                                                                                    • Instruction ID: 309eb533eb6c5db6d1f0b23fc53c73887a4f4f004bff40ff9fa144cdca11bfcf
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cfed1591b2335a2b0f3bc072666cc1cc28027db6cd8d25b33078153333870824
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D3314AA3F20A2107F3544829DD993666582E7D8328F2F82388F98A77C6E87D9C0602D4
                                                                                                                                                                                                    Function 001AB0EE Relevance: .1, Instructions: 90COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 9dcea4ae80a6ee4877a2eca4529da4994d3cc4c1f9480a957c52321f4cfb82e7
                                                                                                                                                                                                    • Instruction ID: 2bfb08ea56e513ce1e23fa2375f468ad8cc22d04fcbc2180a803a958b5a4b96d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9dcea4ae80a6ee4877a2eca4529da4994d3cc4c1f9480a957c52321f4cfb82e7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C216DB3FA1A214BF3984879CD5936655C3D7D0324F2F83794F68AB6C8DC7D59064288
                                                                                                                                                                                                    Function 001750C6 Relevance: .1, Instructions: 87COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 4e2d1c1ac10224819a2823a9d110a9880babc9e6b14337916be64b53a2004a29
                                                                                                                                                                                                    • Instruction ID: 949d28e0e3de0db5e443f97d7d6f786bfd832e38250942175e4565567dcf3c15
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4e2d1c1ac10224819a2823a9d110a9880babc9e6b14337916be64b53a2004a29
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7E21E3F3F6152107F7588869CD5836255838BD5325F2F82798E0CABAC9D87D8D0612C8
                                                                                                                                                                                                    Function 00144427 Relevance: .1, Instructions: 87COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 027901d92896ac070c3c45f453ef7c65ea2eadede67a701a245a357ec22bfc1a
                                                                                                                                                                                                    • Instruction ID: 87c247fb23b38182101353c059beb5c081cdae34bad59a744a1d2fbdfa88a156
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 027901d92896ac070c3c45f453ef7c65ea2eadede67a701a245a357ec22bfc1a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3211AF7E5162247F34088B9DD9836365939BE5325F2B82748F2CABBC9D87C4D0A16C4
                                                                                                                                                                                                    Function 000FC506 Relevance: .1, Instructions: 87COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 5283417f29401a0a55d0108f227a4e3a34bf32421d1a823278238cb9a5c147a4
                                                                                                                                                                                                    • Instruction ID: ebf15ed3fcb6542906216b6a7c9092a8a8049d084d01c951b39bade8b3147925
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5283417f29401a0a55d0108f227a4e3a34bf32421d1a823278238cb9a5c147a4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4E316DF3E2192547F3584878CD683A265929794321F3F83388F2DA76C5DC7D4E0912C4
                                                                                                                                                                                                    Function 00148007 Relevance: .1, Instructions: 85COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a669a193dd305f4f3a69c65f75d707bfeb810fdc4e08f13d811ee35b6c91bb6e
                                                                                                                                                                                                    • Instruction ID: ff85f85722b6acf3a57d0bfda5c47c39350d5bd9bba5e3af2133e57d4b2ea69d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a669a193dd305f4f3a69c65f75d707bfeb810fdc4e08f13d811ee35b6c91bb6e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A9216AB7F2283503F3944878DD593A6A6839794321F2F82398E68A77C6EC7D9C0902C4
                                                                                                                                                                                                    Function 000F0347 Relevance: .1, Instructions: 84COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 40d3132e14f2dfa16c3454bbf1cbdacb674294f5e791c38d0e68feec5b2731e6
                                                                                                                                                                                                    • Instruction ID: c73090478060889c4ee914c011b44da3b1949e061872fa6a6229bcdfc8ca7197
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 40d3132e14f2dfa16c3454bbf1cbdacb674294f5e791c38d0e68feec5b2731e6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7A2177B7F616214BF3444938CCA8396258397D5325F2F83788E58ABBC9DC7E9D0A4784
                                                                                                                                                                                                    Function 001B84CF Relevance: .1, Instructions: 83COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 930eb38d857b79a93f8eabc20d8417be935caf41b3276e27e9902e619c638ee0
                                                                                                                                                                                                    • Instruction ID: 28c896dd32af7ca8cfe09d6ee40cb903f4d86bee7e45ac7853d01083f4abd2c4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 930eb38d857b79a93f8eabc20d8417be935caf41b3276e27e9902e619c638ee0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 262192B3F506214BF3588874CC9836265439BD5314F2F8278CF1C6BBC6D8BE5C495284
                                                                                                                                                                                                    Function 00096210 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                    • Instruction ID: b5a7fd2f625b0d8c503369e91952cf77818dceb7a65d9bdf8d61efc640807101
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 42112933A085D40EC7128F3C8500569BFE30BD3774F1943A9F4B89B2D2D6238D8AA350
                                                                                                                                                                                                    Function 0007C300 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
                                                                                                                                                                                                    • Instruction ID: 87053224c61e4c2855c7701eeb7a7be62fed19571f3751c35b5d662b38d1c72a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 28F0A420404B914AE7318F398420773BFF09F13318F145A4CC5D7576D2D37AD20A8798
                                                                                                                                                                                                    Function 0008E0DA Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
                                                                                                                                                                                                    • Instruction ID: 72c6610d407e2f01ac35537eb4e9eb9e7b2b08cca846d80c4b6fa2b17a4528cd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F2F065105087E28ADB635B3E84606B2BFE0AB63120B281BD5C8E19B2C7C3159596C766
                                                                                                                                                                                                    Function 0008D116 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000001.00000002.1368632713.0000000000061000.00000040.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368581722.0000000000060000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1368632713.00000000000A5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369705398.00000000000B3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.00000000000B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.000000000023B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000318000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000340000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000348000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1369892895.0000000000356000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370610148.0000000000357000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370903484.00000000004EE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000001.00000002.1370955028.00000000004EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_60000_tJd3ArrDAm.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 46229b38daccf775aa89ee940d4800e483d565b52e3fa2aaf9dd8790087c9804
                                                                                                                                                                                                    • Instruction ID: 6cebf228012087298d13b92bd926ecbc1d83620e1605bb368f928a58dd66e8dd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 46229b38daccf775aa89ee940d4800e483d565b52e3fa2aaf9dd8790087c9804
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9201F9706442429BE344CF38CCA0566FBA1FB97364B08C79DC55587796C638D842C795